Check Point Email Security | Blog

Three Email Security Recommendations in a Time of Crisis

Written by Gil Friedrich | March 23, 2020

It is a time of crisis. Your IT team is working remotely, budgets are in question, and resources are stretched more than ever. Remote users are presenting the IT team with new challenges, all while hackers are stepping up their efforts to take advantage of the crisis.

Email is already the source of about 90% of attacks. Beyond that, as CNN has reported, the new work-from-home paradigm is riddled with vulnerabilities. Workers may be using personal computers; the WiFi may not be as secure as it is in the office; a child may accidentally introduce malware onto a computer, which then spreads to the next virtual office. In addition, a slew of COVID-related websites and apps have been set up to spread malware.

Is your security set up for these new challenges? We have put together a list of recommendations based on the types of attacks we are seeing on the rise and the feedback from our CISO customers.

Recommendation 1: Provide Security Guidance For Your End-Users That Are Working From Home

The Challenge of Separation Between Work and Personal Email

As employees work from home, often from a personally owned device, we see a significant spike in usage of personal email accounts for work-related communications. This creates two email security challenges:

  1. It opens the door for impersonation attacks. Hackers are taking advantage of the disruption to send BEC emails that spoof an employee with a message “from my personal account.”
  2. Personal accounts are not protected by the additional security you have deployed for the company. Hackers know this and can go after employees’ personal email (guessing their address from their name, e.g. first.last@gmail.com).

Explain this risk to your employees and instruct them to use only work email when sending and receiving email, as well as rejecting messages from non-corporate accounts. Work email should only be used for work. Never use personal email for work purposes.
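
One way to back that guidance with a mail-flow check, as an added example (not code from Avanan or Check Point): flag inbound mail whose display name or first.last local part matches an employee while the sender domain is not the corporate one. The domain `example.com`, the free-mail list, the directory entry and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

CORP_DOMAIN = "example.com"                           # assumed corporate domain
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed short list
# Constructed directory: normalized employee name -> corporate address
DIRECTORY = {"dana smith": "dana.smith@example.com"}

# Constructed sample messages (headers only matter here)
SAMPLES = {
    "internal": "From: Dana Smith <dana.smith@example.com>\nSubject: Q2 plan\n\nhi",
    "personal": 'From: "Smith, Dana" <dsmith1984@gmail.com>\nSubject: from my personal account\n\nhi',
    "guessed": "From: dana.smith@gmail.com\nSubject: invoice\n\nhi",
    "vendor": "From: Lee Wong <lee@vendor.test>\nSubject: quote\n\nhi",
}

def normalize(name):
    """Lower-case and reduce 'Smith, Dana' or 'dana.smith' to 'dana smith'."""
    name = name.lower().replace(".", " ").replace("_", " ")
    if "," in name:
        last, first = [p.strip() for p in name.split(",", 1)]
        name = f"{first} {last}"
    return " ".join(name.split())

def classify(raw_message):
    """Return (verdict, reason) for one inbound RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    # Assumes SPF/DKIM/DMARC already stop outsiders spoofing the corporate domain
    if domain == CORP_DOMAIN:
        return ("ok", "corporate sender")
    # An employee's name on a non-corporate address: a spoof or a policy violation
    for candidate in (normalize(display), normalize(local)):
        if candidate in DIRECTORY:
            kind = "free-mail" if domain in FREEMAIL else "external"
            return ("flag", f"employee name '{candidate}' from {kind} domain {domain}")
    return ("ok", "no employee name match")

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify(raw))
```

A flagged message is either an impersonation attempt or a real employee writing from a personal account; both cases call for verifying the request over a corporate channel before acting on it.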

Are Employees Using Their Own Devices?

Some employees may be using their personally-owned devices for work. This imposes two new risks. First, those devices don’t have the security tools you have running on your corporate machines. Second, email attachments saved locally will stay there long after the crisis is over.

“Work in the cloud” is probably the best recommendation you can give your remote workforce. If they don’t save the attachments locally but view and edit them within the collaboration suite (i.e., Office 365 or G Suite), then the company controls the data. It's not always possible, but employees who are aware of this issue and this risk are at least more likely to comply with this security guideline. Be aware that file-share apps like OneDrive and G Suite make it possible to share a copy of company files on the local drive, which may not be a company device.

The Hackers Know What’s On Everyone's Mind

Phishing relies on sending an email that would look genuine to the recipient - the right message to the right person at the right time. With the global crisis, everyone has the same thing on their mind. And hackers know that employees might be a bit more distracted than usual, with children home from school, a dog that needs walking and the constant news cycle. We have seen a significant rise in attacks that impersonate the CDC and advisories from healthcare organizations.

More alarming are impersonation attacks from an organization’s “CEO” or “HR” with “Instructions for working from home” or “The list of employees infected with COVID-19.” Because they are timely and expected, they are very likely to be opened without suspicion.

Every crisis gives hackers an opportunity to send content that is relevant and urgent. This pandemic adds to the confusion with new environments, new devices and user training that doesn’t apply when even legitimate messages are out-of-the-ordinary.

Recommendation 2: Think About All Lines Of Communication Your Employees Are Using

Employee Communication Beyond Email

As employees work remotely, they are also using other applications in the collaboration suite. Microsoft Teams saw a 120% increase in daily users since November; in the last week-and-a-half, Teams has seen a 37% growth rate. Hackers use OneDrive, Teams, Slack and other collaboration tools for “east-west” attacks to try to infect other parts of the organization. A compromised email account provides access to multiple channels of communication, and while fellow employees might remain suspicious of email messages, those security practices don’t extend to internal chat or file-sharing. Many users are using these tools for the first time this week, opening them up to internal attacks.

Employees’ Connection to the Internet Is No Longer Behind the Corporate Security Stack

As corporations have moved to Office 365 and other collaboration suites, their users may connect directly to the internet, rather than through the corporate VPN, especially now that the entire office might be at home. There may be no firewall, proxy or URL filtering at home. The security operations team might be blind to what is happening on the local device and have no visibility into the local network. Departments might be setting up impromptu web meetings and collaboration events using tools that are new or unknown to IT.

Recommendation 3: Help Your Team Focus

Your IT Security team is likely challenged with new and unforeseen problems. It requires attention and energy to identify and respond in real time. They need more time and focus.

If the IT Security team is busy with complicated deployments, constantly tweaking and tuning solutions that don’t work out of the box, whitelisting and blacklisting, and overwhelmed by handling false positives or missed attacks that become security breaches, then as the environment changes due to this global crisis, you will never get the work done.

The principles for a good security solution in a time of crisis are:

  1. Deployed EASILY, without complex configurations or endless tuning
  2. Accurate Detection that solves the problem and doesn’t add to your team’s workload
  3. REAL Protection, blocking attacks rather than presenting events to chase down

Even more so than before, you need solutions that are “fire and forget.”

These have been the guiding principles for developing the Avanan product. Your email and collaboration platforms are used more than ever before and attacked more than before. In these uncertain times, we can offer you a solution that deploys quickly and just works. That’s what Avanan offers, giving you the time to focus on keeping your business running.