Time
55 minutes
Difficulty
Beginner
CEU/CPE
1

Video Transcription

00:00
This is the End User Email Security course. My name is Milan Cetic, and in the previous video you have been able to learn who is responsible for your end user email security in the company, and what the responsibilities of different departments and different people within the company are.
00:19
In this video, I will talk about
00:22
what the ways are to make sure that the end user email security in your company or your corporation
00:32
is good enough, and who has to be involved in it,
00:38
and what the steps are that need to be taken.
00:41
So,
00:42
the first step is very important. It's getting more and more important every day,
00:49
and this is to suggest using passphrases instead of passwords, since passphrases or sentences are much
00:56
harder to crack.
00:59
And this is the first thing, and I'm going to talk about this in detail a little bit later.
01:06
So the second step is
01:08
to avoid, if it's possible, the use of email over unsecured connections,
01:14
because, for example, if you need to read your email while you're on holiday, which is a more and more common thing,
01:21
and then you just log in from a café, this café can be a place where they are simply monitoring your connection.
01:32
And they have a key logger. And whatever you type,
01:37
they know. So once you log out, in the evening when you go to bed, they can log in again
01:45
and use your login to read your email or to use your email from a web
01:52
interface to basically send spear phishing to other colleagues in your company, to people you have been sending emails to on a regular basis, that looks like it's from you.
02:05
And then that email would infect their PCs.
02:10
Then,
02:13
enforce the policy that, for example, email attachments have to be saved and scanned before opening, so you just cannot double-click on the attachment in the email. You have to save it on the hard drive, do the scanning and then open it. Of course, this is not 100% safe,
02:32
but it gives you a much higher level of protection.
02:38
Then the thing that has to be done as well is to train employees on IT security.
02:46
HR needs to define a policy on reckless employee behavior.
02:51
So,
02:53
these are all parts of what HR has to do. So somebody has to organize this training and make sure that each and every employee goes there. It doesn't have to be one-on-one training; it can be web-based training, like this course you're listening to. It can be a simple explanation of what can be
03:09
happening when you open a phishing email, how to recognize phishing emails, how to
03:15
deal with phishing emails if you are suspicious of one.
03:20
And then
03:23
just to tell people:
03:25
Okay, the good days are over. We are constantly under attack. You cannot behave irresponsibly anymore. And if you do, there is a fair chance that we'll find out that you are the one that
03:42
broke the security of the company, and you should suffer the consequences of that.
03:47
And of course, if there isn't one, there should be an anti-phishing team.
03:53
And to make sure that, so this is more for the IT security department, that they have people who are in charge of phishing,
04:02
who can receive your email and, in a safe environment which is not connected to a network, open it, see if it contains
04:12
any malicious code, if the links are connected to a malicious website, if the attachments are infected, and if everything is OK then they can release it, or they can just say: No, no, no, this is phishing.
04:30
Delete that email, don't have it anymore.
04:33
And HR again has to make sure that everybody knows about this and what the procedures are on how to deal with emails you think are
04:46
phishing emails.
04:48
So when we talk about passphrases versus passwords,
04:54
I'm not going to go into the technology of hacking the password hashing in Windows, for example, on your server.
05:02
But
05:04
people tend to use passwords that are easy to remember, that are simple.
05:12
But these are bad passwords and they can be cracked very easily.
05:15
So, for example, my name is Milan and I was born in 1966. So I make my password "Milan1966".
05:26
This is a very, very bad password. Don't use something like that. Now, some people think that they're smart and they do something like the next line, which is "m1lanc3t1c1966",
05:42
thinking that this is much harder to crack. No, it isn't.
05:45
This is almost as simple to crack as the simple one before, and hackers have a tendency to
05:55
just, you know, they know about these things, and they can use it to check if they can
06:02
break into my account
06:05
or into my email account.
06:08
Now, a good passphrase should be
06:12
a sentence with all the spaces: "I was born in the year 1966".
06:18
So
06:19
this is much longer.
06:21
It can even be "My name is Milan Cetic. I was born in year 1966", two sentences. It's long, it's long to type. But remember, when you're
06:31
setting up your email client, you're typing it just the one time,
06:36
and then it does all the things for you. But this password, or passphrase, or pass-sentence, is much harder to crack,
06:46
and the excellent
06:48
password would be those two that I have written below.
06:55
And because I'm from Serbia, I speak Serbian,
06:59
and I combined the name of the year
07:02
as one very long word in which, instead of,
07:10
you know, typing 1966, I made it like a word, so "I was born in",
07:16
and then
07:18
the year,
07:20
and the next one is even better, if it's possible, because it's
07:26
in Cyrillic as well.
07:28
And to crack this password
07:34
for a hacker is quite a difficult thing. So this is the way
07:44
to
07:46
make sure that your passwords are much more secure than they are
07:49
now. If you have a PC and you're logging into your PC on a daily basis, this can be
07:59
much more difficult for them to crack if you have two-level authentication, for example if you're authenticating via fingerprint and your password.
08:09
But if you're logging into email, your password is the only protection. And
08:13
this is why the use of passphrases instead of passwords is very important.
08:22
So,
08:24
scanning attachments before opening is another thing that has to be done
08:31
on a regular basis.
08:33
There are ways, and there are software/hardware solutions that can automatically,
08:41
when you try to open any attachment in email, open it in protected mode where you can only view it; no executable is running, no HTML code whatsoever
08:54
or XML code.
08:58
And to view it and to edit it, for example if you're receiving an Excel file, if you want to edit it, you actually have to save it on your hard drive, desktop or wherever.
09:09
Then it gets scanned,
09:13
and then you can open it. So
09:16
if you can establish this way of dealing with
09:20
attachments to your emails, or you should do it manually. It's slower, it's more complicated, but it's much, much safer. So, as I said, this is not 100% assurance,
09:35
but it gives you a much higher probability that you will avoid some kind of malware in your attachment.
09:46
So the third part of the whole equation is the anti-phishing team,
09:52
and this is a team that should be in every company, even small ones. Okay, they don't have to be a separate team. They can be some people in IT with the extra
10:05
things they have to do regarding phishing,
10:09
and they should make themselves visible to the people, so they have some kind of regular newsletter or some kind of information sent to all employees on a regular basis.
10:22
They should define an efficient filtering policy.
10:26
They should act extremely fast and respond to employees even faster. So if you receive an email that you think is phishing, you send it to the anti-phishing team. So you follow the procedure 100%. You should receive a response within half an hour tops, maybe even faster.
10:46
Okay, of course, there is the matter of funds and the cost of such a fast team. But if you don't receive the response in a timely manner, you might think: it doesn't matter, I will open it anyway.
11:03
So people have to be informed very fast, and they should be,
11:07
you know, praised for acting responsibly. And if they catch a phishing email, their managers should be informed and told: Okay, this guy has stopped the propagation of phishing.
11:20
Thank you.
11:22
Whatever.
11:24
And of course, this anti-phishing team should be able to remotely shut down the PC of an infected user. I personally once,
11:35
when I was working for a very big corporation, received an email from a person I actually knew, but just slightly. And that person was actually working for my company,
11:48
and it was a phishing email, because he was on a business trip
11:54
and he was in a public space and somebody had managed to take over his email account
12:01
and started sending emails. So I was in his contacts base,
12:07
and I received an email from him, but there was absolutely no reason for him to be sending that to me. So I reported that to the anti-phishing team
12:16
and they simply shut down his PC remotely, because he was sending that to all of the people within the company.
12:26
So these are the things that have to be done to make sure that your end user email protection is up to the task.
12:37
And in this video, you have seen how to
12:43
do it and who has to be involved.
12:46
So,
12:48
this is the end of this lesson.

End User Email Security

This course will give you the basic ideas on the importance of end user email security, how an email is used to breach security, who is responsible for maintaining email security to the adequate level and the things you need to do to reach that goal.

Instructed By

Milan Cetic
IT Security Consultant
Instructor