David Hume and Immanuel Kant both had some deep thoughts on skepticism, empiricism, and the application of our own personal belief systems onto our view of The Way the World Works. They were convinced the only thing we know is we don’t know anything and should act accordingly.
This is, if you’ll accept this long and winding analogy, a great perspective for thinking about email security. No, really. How skeptical are you when you get an email, purporting to be from your boss, asking you to buy gift cards for the staff? How do you weigh the subtle red flags contained in that email versus wanting to just do your job?
If we cannot fully understand the way of everything, and we accept that we’re not perfect interpreters of the intentions of others, then what are we to do to protect ourselves from evil that lies in the hearts of men? Well, for a start, try the following.
Inbound email identification
What about these emails that are supposedly from your boss? Let’s give your people more and better ways to identify these scams. Ask your EXP consultant about adding an [External Sender] tag to all incoming email. This means that any email that comes from the internet, and not from within your company, gets tagged to provide an upfront, visible cue that it’s not actually your boss who wants those gift cards, it’s a scammer.
Advanced Threat Protection (ATP)
ATP is an added layer of protection to your current spam scanner that is specifically looking for scam and phishing type emails. It costs $3-$5 per mailbox per month and is worth every penny. It ensures that far fewer threats reach your inbox, and embedded links get redirected to a specialized scanning service, so you don’t accidentally get taken somewhere bad.
Outbound email sender/recipient identification
Oh, we love our acronyms in IT, don’t we? Here are three more for you: SPF, DKIM, and DEMARC. These are all ways to identify your email system to the one receiving your email. SPF is de rigueur, DKIM is a smart move, and DEMARC is new and not proven to be effective yet, but that’s mostly due to lack of buy-in; it’s more a of herd-immunity approach. Ask your EXP consultant about SPF and DKIM, which are the minimum requirements for sending email safely on the Internet and attempting to keep bad guys from impersonating you (i.e., spoofing).
Multi-Factor Authentication (MFA)
When you log in to your bank account online, do you get a text with a one-time use code? If so, then you’re already using MFA technology. Adding this simple step to log in to your email from the internet is one of the quickest and most effective changes you can make to your email security. Because the scammer can’t send email as you if they can’t get into your mailbox.
To learn more about securing your email from end to end, contact EXP today!
