It’s no surprise that phishing remains one of the biggest problems that companies face. Phishing attacks are responsible for a majority of data breaches and other cybersecurity incidents that happen around the world.

And things have been getting worse.

Here are a few recent indicators that not only does phishing remain strong, but that it’s becoming even more of a problem:

• In March, the FBI put out an alert about phishing and COVID-19 fraud schemes
• In April, a joint alert by US and UK cybersecurity agencies warned of a “large volume” of phishing campaigns
• Microsoft 365 was updated recently with anti-phishing protections like “spoof intelligence.”

And while a company may have excellent managed antivirus protection to safeguard their network from a phishing attack, there is another way they can be impacted.

One of the problems for businesses when it comes to phishing doesn’t have anything to do with receiving the phishing emails, it has to do with its email address being used in the “From” line of a phishing campaign.

When a cybercriminal sends out phishing emails, they often want to use a trusted company name in the “From” section of the message. This often tricks the recipient into believing the email is from that company even through it was sent by another email address altogether.

This is called email spoofing, and it can cause two major problems:

• Recipients believe the company in the “From” line is sending spam and phishing and it can harm the company’s reputation as a result.
• A company’s legitimate emails can get bounced from mail servers because of increased protections put in place by mail server providers (like Microsoft) against email spoofing.

How do you stop both those problems? 

You can stop this by adopting a three-tiered system of email message authentication using SPF, DKIM, and DMARC.

How SPF/DKIM/DMARC Email Authentication Helps Your Business

When Microsoft beefed up their email spoofing detection in their mail service last month, it caused businesses to begin to see new problems with their emails never making it to recipients or their client emails not making it to them.

Why did this happen when they weren’t sending phishing or spoofing an email?

The main reason is the use of cloud services to send emails on behalf of a company, and a company not using proper email authentication.

For example, if you are sending out email through a CRM service like Zendesk, you can designate the email you want shown in the “From” line, such as “[email protected].” 

But if you haven’t set up your mail server with proper authentication, then the incoming mail server will see that the domain address of the server sending the mail (Zendesk) does not match that of the domain in the “From” line and can mistake it for email spoofing.

What typically happens is that the recipient’s mail server will send the message to a “Junk” or “Quarantine” folder or reject it and not deliver it at all.

This is why the three email authentication steps are important. They’re set up on your mail server or service and embed details in the message to let the incoming mail server know that the message is not phishing or email spoofing.

Here’s how all three work together to protect both your reputation and your mail delivery.

Sender Policy Framework (SPF)

This first authentication protocol gives you the ability to tell the receiving mail server which IP addresses are approved to send messages on your domain.

This lets the receiving mail server know if a phishing attacker is spoofing your domain address in the message without your permission. It can also let them know that you’ve approved a 3^rd party app (like Zendesk, Constant Contact, etc.) to send mail with your domain in the “From” line so it won’t reject it. 

DomainKeys Identified Mail (DKIM)

DKIM goes a bit farther with the authentication. It uses two encryption keys, one that travels with the email and one that stays on your mail server. When the message is received, the mail service can check those keys to ensure that the message address or other important details have not been altered.

This is another verification that the server sending the message is approved for that domain address.

Domain-based Message Authentication, Reporting, and Conformance (DMARC)

DMARC brings everything together and provides important instructions to the receiving mail server.

This protocol checks that both SPF and DKIM have authorized correctly. It tells the mail server what to do if they don’t match (i.e. reject the message). DMARC also can tell the receiving mail server to report back about any messages that have passed or not passed the authentication.

This last step is important because it can instantly alert you if someone is trying to spoof your email address in a phishing attack.

Get Help Setting Up Email Authentication from Digital Crisis

Email restrictions are only going to be getting stronger to combat phishing attacks. Now is the time to enact email authentication to protect your information flow and reputation. 

Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.

No matter what industry you work in – legal, accounting, retail, or something else – document security can quickly become an issue. How do you ensure sensitive documents aren’t accidentally emailed to the wrong person or that confidential files can’t be copied?

If you’re just using folder security at the basic level in your cloud services, that’s not going to help prevent an email with an employee’s SSN being sent to the wrong email address. 

34% of surveyed organizations have had sensitive data compromised due to poor document handling practices.

If you’re one of the millions of Office 365 business users, you have a powerful tool at your disposal that can help you solve the document security issue.

Sensitivity labels in Office 365 allow you to tag documents based on content. Those tags can then be attached to specific security policies, such as:

• Do not copy
• Add watermark
• Not to be shared externally
• Track content and how it’s used
• Encrypt the document

What type of content do sensitivity labels protect?

Sensitivity labels can be applied to:

• Word documents
• Excel spreadsheets
• PowerPoint presentations
• Outlook email messages

More recently, Microsoft has added the ability for these labels to be applied to the following containers:

• Microsoft Teams sites
• Office 365 groups
• SharePoint sites

How are sensitivity labels applied?

Sensitivity labels can be applied manually by the user or by an administrator. They can also be applied automatically based upon the content of a document or email.

Administrators can additionally set up safeguards to ensure all documents as they’re created have a sensitivity label. They can:

• Set a default sensitivity label for all documents 
• Require users to apply a sensitivity label before a document can be saved 

Image source: Microsoft

Where are sensitivity label policies enforced?

Because sensitivity labels are applied at the document level, they can follow the document throughout a number of your workflow areas. Including:

• Office applications across different platforms
• Multiple third-party apps, such as Salesforce, Dropbox, etc.

How Can I Use Sensitivity Labels at My Business? 

There are a number of benefits to using sensitivity labels for document security of your MS documents and emails. Here are some smart ways you can deploy them.

Use Label Customization to Be Specific

Sensitivity labels are completely customizable, meaning you don’t have to follow just “classified, public, etc.” designations.

Look at how your organization uses your documents and how they need to be protected and customize your labels to match your needs.

For example, you may have an R&D department that works on upcoming products. Instead of using just a “confidential” label, create one for “R&D Only” that you can apply specific security policies to. This makes it completely clear to your users who has the ability to read/share/copy documents with that sensitivity label.

Take Advantage of Marking and Watermarks

Users might not always look at the taskbar of a document to see its sensitivity label. But if you apply a watermark across the file that says “for internal use only” they can’t miss it.

You can mark content by adding headers, footer, or watermarks automatically based upon the sensitivity label of a document. The only type of content these markings can’t be applied to are emails.

Help Users Know What Label to Apply

You can reduce user confusion over which sensitivity label a particular document they’re creating should have. Microsoft gives you a couple of options to do this.

1. Prompt users with a sensitivity label recommendation based upon the content. You can add a message at the top of the screen that explains why that label is recommended.
2. Create a custom help page that appears as a “Learn More…” option in the label drop down. This page can give users instructions on how to choose the right label for a document.

Use Labels for Tracking Documents

Sensitivity labels don’t have to apply a specific security policy, they can also be applied to track document usage.

For example, if you’ve sent out a new employee training document and want to know how it’s being received, you can tag it with a sensitivity label that allows you to see how often that document is being opened and shared.

Require Justification for Changing a Label

One loophole that could put a protected document in danger is if a user changed a document’s sensitivity label to a less protected setting.

You can prevent this from happening by setting up a rule that requires users to give justification before a sensitivity label can be changed on a document.

Use Encryption Settings for Better Protection

Sensitivity labels allow you to apply encryption settings to documents and emails that can deploy a number of protections.

These include:

• Only allowing users in your company to open a document or email
• Time limit content availability, such as a price list 
• Restrict the ability to copy or forward information in an email
• Create group specific permissions for ability to edit a document

Learn How to Do More with the Tools You Use

Digital Crisis helps companies in multiple industries throughout the Greater Houston area get the most out of the cloud tools they’re using. Don’t miss out on important features, get help customizing your applications!

Contact us today to schedule a consultation. Call 713-965-7200 or reach us online.