By: Ravi Raj
May 21, 2020
End User Email Security
Using email as an attack vector remains the most popular method for getting into a network. Despite all the effort and the large share of IT budgets spent on protecting systems, companies are breached day in and day out. Daily we hear of small and large corporations, even critical infrastructure, being breached. One might think that IT has them covered with all those tools and antivirus products installed, but it isn't so. All it takes is falling once for a phishing email to hand the keys to the kingdom to the attackers. The "End User Email Security" course is designed to teach anyone who uses email the best practices that keep them from falling for the lure of hackers and handing their access to an attacker.
Following the introduction, which shows some shocking statistics on how prone people still are to phishing, the instructor walks through the various techniques used via email to breach security. Attackers use phishing, a term derived from "fishing," to send malicious emails and gain a foothold in the environment. The idea is to send emails containing either attachments or links that let the attacker capture the end-user's credentials, or that get the recipient to execute malware disguised as legitimate files (e.g., PDFs, images, documents) by clicking and opening them. Spear phishing is phishing directed at the particular end-user receiving the mail. It is designed to convince that end-user to open it and perform the actions the attacker wants. Spear phishing is targeted: it imitates a legitimate email, or its language is very convincing to the end-user, and it may be disguised as something the end-user was expecting to arrive in his or her mailbox.
Another technique is embedding malicious code within the HTML content of a mail, so that merely opening the email executes the code and infects the system. Office files are actually XML-based; behind the scenes there is code that can be tampered with to include malicious code that gets executed when opened. PDF files may include hidden objects or system commands that lead to the execution of malicious code upon opening them. Any suspicious email should be reported immediately per company policy.
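As an added illustration of the three delivery techniques just described (this is example code written for this review, not material from the course or its author), the Python script below triages a raw message for active HTML content, Office attachments that carry a vbaProject.bin macro part, PDFs containing action keys such as /JavaScript, /OpenAction or /Launch, and double-extension filenames; it is the kind of check a filtering service or a scan-before-opening step would run. The indicator lists and the sample message are my own constructions, and the sample is a harmless placeholder, not a real phish.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

MACRO_EXTS = (".docm", ".xlsm", ".pptm", ".dotm")            # macro-enabled Office types
PDF_RISKY = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/AA")  # PDF action keys
ACTIVE_HTML = re.compile(r"<script|javascript:|<iframe|<object|<embed", re.I)
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|jpe?g|png)\.(exe|scr|js|vbs|bat)$")

def office_has_macros(data):
    # Office Open XML files are zip containers; a vbaProject.bin part means VBA macros.
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw):
    """Return the list of findings for one raw RFC 822 message (empty = nothing flagged)."""
    findings = []
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "text/html":
            if ACTIVE_HTML.search(part.get_content()):
                findings.append("html body contains active content")
        elif part.get_content_disposition() == "attachment":
            data = part.get_payload(decode=True) or b""
            if name.endswith(MACRO_EXTS) or office_has_macros(data):
                findings.append(f"{name}: Office attachment with VBA macros")
            if name.endswith(".pdf") or data.startswith(b"%PDF"):
                hits = [k.decode() for k in PDF_RISKY if k in data]
                if hits:
                    findings.append(f"{name}: PDF with {', '.join(hits)}")
            if DOUBLE_EXT.search(name):
                findings.append(f"{name}: double extension hides an executable")
    return findings

def build_sample():
    """Constructed sample message (not a real phish) that trips every check above."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as z:
        z.writestr("word/vbaProject.bin", b"placeholder, not a real macro")
    pdf = b"%PDF-1.4\n1 0 obj << /OpenAction << /S /JavaScript /JS (app.alert(1)) >> >>\nendobj\n%%EOF"
    m = EmailMessage()
    m.set_content("Please see the attached invoice.")
    m.add_alternative("<p>Invoice</p><script>alert(1)</script>", subtype="html")
    m.add_attachment(docm.getvalue(), maintype="application", subtype="octet-stream", filename="invoice.docm")
    m.add_attachment(pdf, maintype="application", subtype="pdf", filename="statement.pdf")
    m.add_attachment(b"MZ placeholder", maintype="application", subtype="octet-stream", filename="photo.jpg.exe")
    return m.as_bytes()
```

Running `triage(build_sample())` returns one finding per planted trait; a plain-text message with no attachments returns an empty list.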
Who is responsible for email security?
It is a shared responsibility. The responsibilities of the various departments, whether IT, HR, Security, or the end-user, are wonderfully explained by the instructor. There are sometimes conflicts between IT and IT security, but properly defining the roles and responsibilities of each will avoid them. The HR department defines the policies that ensure people take the matter seriously and follow best practices. IT and IT security define the policies that ensure accounts can't be brute-forced easily, and they make sure the tools and software in use are updated regularly.
There should be a filtering service that properly scrutinizes new emails before they land in the end-user's mailbox. Any system sent out for repair must be hardened per the company's policies before it is reintroduced into the user's environment.
HR needs to provide regular training to employees about phishing, and policies detailing appropriate punishment for violations need to be in place. End-users need to be cautious with email: don't open suspicious emails, and if an email has been opened, don't click on the links in it. Attachments can be copied to disk and scanned before they are opened.
What does good email security look like?
The instructor walks through some of the best security practices. Among the best cyber-hygiene practices are using a strong password that is difficult to guess, using passphrases instead of simple passwords, and avoiding webmail over unsecured connections (keyloggers might be capturing your passwords).
Once your credentials are compromised, emails containing malicious attachments and code can be sent out in your name to trusting colleagues. Employee training on how to identify phishing must be in place, and employees should know whom to contact to report suspicious emails. Employees should be made aware of good password policies and encouraged to use very strong passwords. Where possible, 2FA should be enabled. Scan attachments before opening them. The anti-phishing team should be readily available, quick to respond to any queries, and visible to all employees.
The course wraps up with a quick recap. Phishing is very lucrative for attackers, and people need to understand and follow best practices to avoid it. There is no foolproof method of protecting against phishing, but the best prevention is following best practices. So keep your eyes open for anything that arrives in your mailbox unexpectedly. Always remember: all it takes is one wrong click to hand the keys to the kingdom to attackers.