Last month, Microsoft announced that they are extending the coverage of their enhanced anti-spoofing capabilities – what will that mean for you? More importantly – if you haven’t been aware of spoofing until now, what else could you be missing?
You don’t need to be told how important something like cybersecurity is – it’s obvious after all. Everyone knows the consequences of unsecured technology.
However, your cybersecurity may not be up to snuff. Not because you don’t think it’s important, but because you have other things on your mind.
Your clients. Your employees. Your business as a whole.
Despite all that, if you don’t deal with cybersecurity it in a proactive manner now, with the right tools and technology to prevent any problem, you’ll just after to deal with it later – a.k.a. damage control.
Security can be a complicated and scary subject that’s often ignored because of those same reasons. Most cannot confidently claim that their business is secure.
What Is Spoofing, And Why Should You Be Concerned?
Most modern cybercrime tactics are based on technical vulnerabilities. Hackers force their way into a system by taking advantage of out of date software, or unencrypted data, or an inadequate firewall.
Naturally, if you know your security software is patched and updated, and you know you have a reliable firewall and antivirus solution, then you must be safe, right?
An increasingly common cybercrime tactic today doesn’t rely on technical vulnerabilities at all. It relies on the assumptions your employees make every time they open an email.
Email spoofing is a method in which the cybercriminal makes an email appear as though it was sent from somewhere it wasn’t, such as a client’s, vendor’s, or even superior’s email address. Spoofing may be used to trick someone into downloading a virus or revealing confidential information.
Consider, for example, your HR manager in charge of payroll; a hacker could send a spoofed email to that employee asking for confidential employee information. The HR manager would never give that info to a stranger, but if they thought the email was from their superior, they might go ahead and send it.
While spoofing isn’t harmless, a spoofer doesn’t need access to the email account to spoof it; they can use software to have your address show up in the sender field.
How Can You Defend Against Email Spoofing?
While there are some tips for anti-spoofing below, the good news is that Microsoft is here to help. As of October 15th, 2018, Microsoft has extended the coverage of their enhanced anti-spoofing capabilities.
How does this affect you?
You now have access to enhanced anti-spoofing functionality that utilizes cloud intelligence, sender reputation, and patterns to identify potentially malicious domain spoofing attempts.
This will work in conjunction with existing standards-based email authentication checks (DMARC/DKIM/SPF) that Microsoft apps already undertake. When enabled, any incoming emails that fail the extended implicit authentication checks will be automatically sent to the junk mail folder.
What Other Cybersecurity Practices Should Be Implementing?
Regardless of this new capability being offered by Microsoft, you should still keep the following essential tips in mind when it comes to your cybersecurity:
Additional Tips To Stop Spoofing:
Develop Strong Password Policies:
Even though passwords are the most direct way to access a user’s private information, most passwords in use today are not strong or sophisticated enough.
Passwords protect email accounts, banking information, private documents, administrator rights and more – and yet, user after user and business after business continues to make critical errors when it comes to choosing and protecting their passwords.
Have you made those same mistakes?
Make sure that you and your employees understand the following when choosing and managing passwords:
Consider Multi-Factor Authentication:
Multi-factor Authentication (MFA) is a superior way to keep your data more secure. MFA requires the user to utilize two methods to confirm that they are the rightful account owner.
There are three categories of information that can be used in this process:
What are the benefits of a Multi-Factor Authentication solution?
Sound complicated? It can be, but the good news is that Fuelled Network will help. We’ll provide robust, extensive cybersecurity support for you and your employees so you can recognize email spoofing and other cybercrime tactics accordingly.
Like this article? Check out Skype to Microsoft Teams: Hints and Tips for Making the Move,
10 Tips for Future CIOs, Mobile Note Taking With Microsoft OneNote to learn more.
Published On: 11th December 2018 by Ernie Sherman.