Prevention and Response to Email Scams

Greg Wilson, Head of Information Security
October 31, 2018

With so much technology at our fingertips, allowing people to connect and communicate more quickly than ever before, it’s no surprise that some individuals have discovered ways to obtain unauthorized access to accounts and communications that aren’t their own.

One area in particular in which this often occurs is through email messages. Attackers are able to send links or attachments that contain malware (software that can cause computer viruses), enticing the recipients to click what was sent, resulting in the accounts or devices being compromised. A hacker can then access additional information, including sensitive personal and financial information of another individual or of multiple individuals — such as a firm and all of its client accounts.

Preventing Email Security Compromises

It’s imperative for businesses to take the proper security measures to ensure that such incidents do not occur and to respond quickly and efficiently if there are situations of compromise. Below are ways to help protect your company and the information it wishes to keep contained.

  • Apply security patches. A security patch is a piece of software used when a company discovers there’s been a security flaw. Just as a patch on clothing prevents a hole from worsening, a security patch prevents a data breach and limits lateral movement within a network. Companies need to ensure they replace their systems’ unsupported products with supported ones to ensure such security patches are available.
  • Deploy filters to block disreputable sites and certain scripts. Ensuring your network uses appropriate filters to help keep users from accessing certain sites and programs is imperative. Web filters are able to block sites with specific known IP addresses and can also prevent the removal of data if links to those sites are clicked. Additionally, disabling scripts such as Adobe Flash and JavaScript will help combat the security issues that come along with running those programs. When needed, a company can whitelist the applications that must use them.
  • Have an effective email filter at your company’s gateway. Similar to blocking certain sites from being accessed, it’s also wise to employ an email filter that blocks spam messages. Because email is such a common means of communication that hackers use to obtain information they should not be obtaining, companies need to take extra initiatives to help ensure these types of email messages never even make it into their employees’ inboxes.
  • Enforce a principle of least privilege. In order to avoid or minimize a security breach, employees should only be given the lowest levels of user rights and access that will still allow them to do their jobs effectively. This will still permit normal functioning of the company, and there will be less likelihood that hackers will be able to access privileged information.
  • Train all employees. Make sure your employees are aware of specific tactics hackers often use and how they can identify potential threats. Even the subject lines of emails should often be suspect — the leading phishing email subject line is “Security Alert.”1 Have a protocol for employees to follow should they receive such emails, and educate them on how your company will disseminate information in the event that there is an actual security alert present.
  • Create an incident response plan, and test it. Prepare your business for any potential threats to secure information by having the right people and steps in place as part of a course of action to respond when necessary. Conduct a tabletop exercise, and walk through your plan to make sure your policy encapsulates what should be done and by whom in certain situations.

Responding When a Security Compromise Occurs

In the event of a breach of security at your company, immediate action must be taken to ensure complete and successful remediation of the situation. The following measures can help your company return to normal operations after a cyberattack has occurred.

  • Make an immediate decision. When it comes to security, there’s no time to waste. Decisions must be made as soon as possible, particularly in the case of ransomware instances, which require some form of payment in order for users to be able to access or protect their data. It’s important to remember that, even if the ransom is paid, there is no guarantee that the hacker will not decrypt the data or encrypt the data at a future date. Additionally the ransom that is paid only decrypts the file; it does not remove the initial infection, so it is likely your data could be infected again unless you find the virus and remove it.
  • Enter into containment mode, and use backups. When a security breach occurs, it’s best to go into a containment period in which servers, sites and files from others are isolated so that the threat does not continue to spread. Additionally, using an air gap (a method in which a network security measure is used on one or more computers so that the secured computer network is set apart from the unsecured networks) as a backup is an effective way to continue operations.
  • Find and remove all threats. Once the threat has been identified, it’s important to identify how it came into the system in the first place so that prevention measures can be taken. After the identification has been made, that particular security vulnerability must be fixed, whether through configuration, isolation, replacement, monitoring or mitigation.2
  • Return to operations, and make necessary changes. The sooner you can ensure your system returns to its standard operations, the better. After a security breach occurs, perform a root cause analysis to discover what led to the attack and what was done well/not done well during the response to the situation. Then make the appropriate adjustments to your security policies to prevent such an incident from happening in the future.

While there’s no surefire way to rid of security threats from existing, there are certainly ways your company can be better prepared to combat them and more primed to respond in the unfortunate cases when they do occur.

For more information regarding protecting your business and your clients from cybercrime, download our free guide.

1 Robert Hackett. “Beware of These Top 10 Phishing Emails. Would You Fall for Them?” Fortune, July 13, 2017.
2 Pete Cheslock. “What to Do When You Can’t Fix a Security Vulnerability.” Threat Stack, June 2, 2016.

November is Long-term Care Awareness Month

Although you can never foresee every possible bump in the road, it is important to plan for the journey ahead.