We all have loads of emails coming in on a daily, especially if your a business. However we all also receive a bunch of spam, and some that have very bad intent for your security! Phishing attacks are becoming some of the most prominent forms of security breaches.
Phishing attacks: Phishing is the attempt to obtain sensitive information such as usernames, passwords, credit card details, all through the guise of a trustworthy entity over electronic communication.
As a solution to email spam and the ever malicious phishing attacks, a layered email security set-up is ideal. Layered security can be hosted locally or on the cloud. Layered security combines multiple mitigating controls to protect resources and data.
Here’s the breakdown for each layer and their involvement in adding to your security measures!
Layer 0 or 6: SIEM, spam control and monitoring
This layer focuses on the generating data about quantities of emails that can be cataloged as spam. This can be the initial or final step in the layers. Using this information we can improve the process of our current antispam protection system.
Spam control through SIEM (Security Information and Event Management) allows the generation of statistics to determine the number of attacks stopped by the other layers of protection, validating our security system.
Layer 1: Mail scanning via external services
Not all businesses start out with antispam protection technology, so its important to incorporate some platform that holds a continuously updated source of threat intelligence data. Detection systems, sensors and other information gathering mechanisms that summarize the data of potential new attackers or existing actors/suspects.
Layer 2: Perimeter protection
Ensure the computers have a form of firewall and spam detection system. Firewalls generally provide perimeter protection to internal networks, however its important to test these security measures to make sure they are configured correctly and catch the correct forms of spam/emails.
Layer 3: Internal network, mail servers and antispam solutions
Many next-gen email platforms have local spam protection, but need to be configured correctly for your specific business needs and pointing to internal antispam servers.
Layer 4: Final devices
Each host should have protection mechanisms connected to the mail client. This mechanism must be able to identify threats, email spam, and spear phishing attack. These systems can be connected to Outlook, Notes, and Thunderbird.
Layer 5: Training end users to avoid phishing attacks
Users are one of the most important layers of protection. Its important to teach the basics to your employees about security awareness, because ultimately when it comes to phishing attacks through email, each individual user has to know what to look for and avoid!
Give us a call at Re2tech today and let us ensure your security is in place and ensure all forms of protection are in place to prevent any susceptibility to phishing attacks among the other online dangers!