Email: the easiest way in for hackers and spammers
After the recent WannaCry ransomware attack, the message is clear: hackers go after easy targets, and email communication is the easiest among them. Recent attack trends also show that the major targets of such attackers are corporate users and their higher management.
Email is always an easy target because it gives a hacker multiple options, such as remote code download and execution, or virus and ransomware download. If you have enabled the auto-download option, you make things even easier for the hacker. After compromising your account, a hacker can target many of your contacts, or the contacts you use most frequently. And the easiest win of all for a hacker: if a user clicks an infected URL shared via email, it can exploit the system without alerting your firewall or even your antivirus.
Here are some suggestions for securing your public email account and your corporate email account.
Public email account:
If you are using an email account such as Yahoo, Gmail, or Hotmail, use the following tips.
1. Use a unique password for every social account. Some people use a common password for all their social accounts. Compromising one of them can put them all at risk.
2. Use multi-factor authentication. Multi-factor authentication can include your alternative email and your phone number.
3. Do not provide your information to any unauthenticated source, such as bank or advertisement emails.
4. Be careful: sometimes a spoofed email can appear to come from a trusted contact and invite you to send money or click on suggested links.
5. Whenever you get a spoofed email, or one claiming that your trusted contact is in trouble or needs money or help, first verify the person's authenticity by asking a common question such as "Where did we first meet?" or "What is your mother's maiden name?" or something similar. Ask only questions whose answers you and your trusted contact know and the hacker does not.
Corporate email account:
Corporations should consider several layers of security for their email solution. In the past, a spam solution or signature-based threat control was enough, but now we need much more.
1. Avoid basic free email solutions that do not have a sophisticated security system.
2. Install an email security system that can block signature-less threats and phishing emails, and that performs URL validation and checking and multi-layer decryption of encrypted file attachments.
3. Optimize the whitelisted domains on your corporate email server.
4. Group people based on how they are targeted. Special people such as the CEO and higher management should be placed in a group that has customized, maximum security.