Communication Security

The Argument for Endpoint Security

By | Communication Security, Data Security, Email Security

endpoint securityAn organization is only as secure as its weakest access point, and certain endpoints – smartphones, laptops, and other portable devices that are often connected to public WiFi hotspots or are apt to be lost – are a weak spot for most organizations.

Endpoints are an easy target. Endpoint security is designed to thwart the most common risks these devices present, by detecting and blocking malware, as well as reducing vulnerabilities while ensuring a sensible balance between protection and user access.

Does Your Organization Need Endpoint Security?

Does your company use mobile devices? Do your employees have the ability to take these devices offsite and off-network? Would a data breach cost you customers, downtime, or lost business? If you answer yes to any of these questions, then endpoint security is something your organization should consider.

Endpoint Security and Phishing Scams

Email security is a challenge for every organization. Your employees, whose split-second decision to click on a link or open a file puts you at risk – are part of the solution. But can endpoint security help you prevent phishing attacks? As part of an overall strategy to implement multiple layers of security designed to block as much malware as possible, endpoint security can work at the device level by:

  • Requiring security and monitoring software that can detect rapid file encryption, even on employee-owned devices used for work
  • Making sure all operating systems used on devices are fully patched and up to date
  • Whitelisting apps
  • Implementing analytics that rapidly detect and block threats

Threats from phishing emails and malware, such as ransomware, worms, and bots, are a constant threat. Proactive measures must be taken to prevent existing and emerging threats, not just on your network and servers but at every point of access as well as through employee training and consistent reinforcement.

As cybersecurity remains a top concern for business leaders in every industry, taking the necessary steps to protect your organization becomes a high priority. Minimizing your risk is easier when you partner with a trusted managed IT service provider who partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet their needs. For more information, contact us today.

Avoid Devastating Security Breaches with Sender Policy Framework

By | Communication Security

Over the last year we’ve seen a significant increase in the volume of “spoofed” email, where the sender of the email appears to be internal to the company, attempting to trick the recipient into initiating an action that appears to be legitimately requested, such as a wire transfer or the opening of an attachment that enables ransomware. These emails can be very deceptive. Often, company executives are impersonated, and emails are sent to people within the organization who would typically be involved in such transactions. While there is no foolproof way of stopping these messages – and the best line of defense, of course, is a well-trained staff who reacts with caution before opening attachments or sending money – we do recommend implementing Sender Policy Framework (SPF) technology to help prevent the spoofed emails from even reaching their destinations. 

Sender Policy Framework 

Sender Policy Framework is a technology used to establish approved email systems for a domain. To implement SPF, thinkCSC creates a special DNS record that identifies which servers are allowed to send email for your domain. This record is then read by supported mail systems and processed according to their configured policies. In other words, we create a special code that tells the email provider which messages are legitimate email, allowing the provider to better detect spoof messages and mark them as spam. Most major mail providers now factor SPF evaluation into their overall scoring mechanism for determining whether a message should be delivered or marked as spam, and some mail providers will automatically junk messages that fail an SPF evaluation. While this technique does not ensure that spoofed message will always be considered spam, it does increase the likelihood considerably.

In order to successfully implement an SPF record, it’s critical to identify all of the mail servers and third-party services that could be used to send email on behalf of a domain, including the email provider, company websites, relays, third-party SaaS tools (like CRM), and marketing software that sends emails on behalf of the organization. Once these are identified, thinkCSC will create the DNS record, test and validate email flow from known senders, and update the SPF record as needed.

If you have been the victim of phishing emails or would like to learn how to protect your organization from sender address forgeries, contact thinkCSC for more information.