Over 94% of cyberattacks originate in the email inbox, with phishing (identity theft) being the main prong of attack. Phishing by means of a "whaling attack”, also known as "CEO fraud" has forced many companies not only to redefine authentication and certification processes, but also to try to prevent the effectiveness of these social engineering attacks at the point of origin: our email inbox.
First step: mail authentication protocols
To effectively minimize the risk, it is advisable to implement a correct configuration of the so-called authentication protocols (SPF, DKIM and DMARC). These protocols verify the legitimacy of the sending servers and to improve the verification of the receipt of e-mails. They therefore serve both to protect us and to improve the protection of others.
To implement them, an audit of their status is carried out.
Email flow with protocols
Additional measures to mitigate risk
M365 Audit
Microsoft 365 offers different levels of configuration and tools to strengthen the cybersecurity of companies. This audit has focused on an analysis of the protection level afforded by the customers' M365 services platform.
Strong authentication and identity protection
In addition to enforcing logins and configuring multi-factor authentication, it is strongly advised to set up identity and permission management tools and conditional access through user behavior analysis.
Visibility and management of device protection
The company must be aware of the protection and security update status of the devices at all times. For this purpose, tools are available that monitor the status of these devices and the application of protection measures and also keep track of the way in which they are connected to the company's networks and even the level of encryption of the files on the hard disk.
Set up and manage policies to comply with GDPR regulations
In particular if you are working remotely, whether you save your documents in the cloud or on your local server, we recommend that you always install a good virus checker. In addition, take time to look into the settings of permissions (encryption, detection and classification of file sensitivity levels, etc.) in order to prevent data loss.
The installation and use of Artificial Intelligence tools
These tools, such as Darktrace Antigena, help to autonomously detect and neutralize email phishing threats, as well as detecting when an account has been compromised by analyzing user behavior.
Sofistic, Cuatroochenta's cybersecurity area, has a team of professionals with extensive experience in consulting and specialized cybersecurity services, and can help you protect your email.
As a Microsoft Certified Cybersecurity Partner, Sofistic audits and secures the Microsoft 365 tenant for misconfigurations. To do this, they are not only based on the best practices recommended by Microsoft, but also on the extensive experience gained in multiple projects of this type. In addition, this assurance will serve as the basis for much more ambitious projects such as identity management, device management (MDM), and information tagging or leakage (DLP).
