
Last month, Microsoft announced that they are extending the coverage of their enhanced anti-spoofing capabilities – what will that mean for you? More importantly – if you haven’t been aware of spoofing until now, what else could you be missing?

You don’t need to be told how important something like cybersecurity is – it’s obvious after all. Everyone knows the consequences of unsecured technology.

However, your cybersecurity may not be up to snuff. Not because you don’t think it’s important, but because you have other things on your mind.

Your clients. Your employees. Your business as a whole.

Despite all that, if you don’t deal with cybersecurity in a proactive manner now, with the right tools and technology to prevent any problem, you’ll just have to deal with it later – a.k.a. damage control.

Security can be a complicated and scary subject that’s often ignored because of those same reasons. Most cannot confidently claim that their business is secure.

Can you?

What Is Spoofing, And Why Should You Be Concerned?

Most modern cybercrime tactics are based on technical vulnerabilities. Hackers force their way into a system by taking advantage of out-of-date software, unencrypted data, or an inadequate firewall.

Naturally, if you know your security software is patched and updated, and you know you have a reliable firewall and antivirus solution, then you must be safe, right?

Wrong.

An increasingly common cybercrime tactic today doesn’t rely on technical vulnerabilities at all. It relies on the assumptions your employees make every time they open an email.

Email spoofing is a method in which the cybercriminal makes an email appear as though it was sent from somewhere it wasn’t, such as a client’s, vendor’s, or even superior’s email address. Spoofing may be used to trick someone into downloading a virus or revealing confidential information.

Consider, for example, your HR manager in charge of payroll; a hacker could send a spoofed email to that employee asking for confidential employee information. The HR manager would never give that info to a stranger, but if they thought the email was from their superior, they might go ahead and send it.

Spoofing isn’t harmless, and a spoofer doesn’t even need access to the email account to spoof it; they can use software to make your address show up in the sender field.

How Can You Defend Against Email Spoofing?

While there are some tips for anti-spoofing below, the good news is that Microsoft is here to help. As of October 15th, 2018, Microsoft has extended the coverage of their enhanced anti-spoofing capabilities.

How does this affect you?

You now have access to enhanced anti-spoofing functionality that utilizes cloud intelligence, sender reputation, and patterns to identify potentially malicious domain spoofing attempts.

This will work in conjunction with existing standards-based email authentication checks (DMARC/DKIM/SPF) that Microsoft apps already undertake. When enabled, any incoming emails that fail the extended implicit authentication checks will be automatically sent to the junk mail folder.

What Other Cybersecurity Practices Should You Be Implementing?

Regardless of this new capability being offered by Microsoft, you should still keep the following essential tips in mind when it comes to your cybersecurity:

Additional Tips To Stop Spoofing:

  • Deploy Domain Level Email Authentication Tools – These enable an entity’s email servers to verify that an email claiming to be from a particular business came from a domain authorized by that business.
  • Use A Domain-based Message Authentication, Reporting & Conformance (DMARC) Tool – This enables an entity to both learn how the sender of a phishing or spoofed email is misusing the entity’s domain, and tell the receiving email server how to treat inauthentic messages that claim to be from the entity’s domain.

Develop Strong Password Policies:

Even though passwords are the most direct way to access a user’s private information, most passwords in use today are not strong or sophisticated enough.

Passwords protect email accounts, banking information, private documents, administrator rights and more – and yet, user after user and business after business continue to make critical errors when it comes to choosing and protecting their passwords.

Have you made those same mistakes?

Make sure that you and your employees understand the following when choosing and managing passwords:

  1. Length and Complexity: Keep in mind that the easier it is for you to remember a password, the easier it’ll be for a hacker to figure it out. That’s why short and straightforward passwords are so common – users worry about forgetting them, so they make them too easy to remember, which presents an easy target for hackers.
  2. Numbers, Case, and Symbols: Another factor in the password’s complexity is whether or not it incorporates numbers, cases, and symbols. While it may be easier to remember a password that’s all lower-case letters, it’s important to mix in numbers, capitals, and symbols to increase the complexity.
  3. Personal Information: Many users assume that information specific to them will be more secure – the thinking, for example, is that your birthday is one of 365 possible options in a calendar year, not to mention your birth year itself. The same methodology applies to your pet’s name, your mother’s maiden name, etc. However, given the ubiquity of social media, it’s not difficult for hackers to research a target through Facebook, LinkedIn, and other sites to determine when they were born, information about their family, personal interests, etc.
  4. Pattern and Sequences: Like the other common mistakes, many people use patterns as passwords in order to better remember them, but again, that makes the password really easy to guess. “abc123”, or the first row of letters on the keyboard, “qwerty”, etc., are extremely easy for hackers to guess.
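The four mistakes above can be checked mechanically when a password is set. The following is an added example, not code from the article: a checker that reports which of the four a candidate password makes. The 12-character minimum and the 3-character run length are assumptions (the article gives no numbers), the function names are hypothetical, and the sample passwords in the test loop are constructed.

```python
import string

MIN_LENGTH = 12  # assumed threshold; the article gives no number
RUN = 3          # assumed: flag any 3 consecutive characters from a sequence
SEQUENCES = ("abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm")  # alphabet, digits, keyboard rows

def find_runs(password):
    """Return the sequence fragments (forward or reversed) found in the password."""
    lowered = password.lower()
    hits = set()
    for seq in SEQUENCES:
        for i in range(len(seq) - RUN + 1):
            chunk = seq[i:i + RUN]
            if chunk in lowered or chunk[::-1] in lowered:
                hits.add(chunk)
    return sorted(hits)

def check_password(password, personal_info=()):
    """Return the list of mistakes, named after the four items in the article."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    if not all(any(c in cls for c in password) for cls in classes):
        problems.append("character mix")
    lowered = password.lower()
    # personal_info: names, dates, pet names, etc. known for this user
    if any(item.lower() in lowered for item in personal_info if item):
        problems.append("personal information")
    if find_runs(password):
        problems.append("pattern")
    return problems

if __name__ == "__main__":
    # Constructed samples: a pet name plus a birth year, and a keyboard pattern
    print(check_password("abc123"))
    print(check_password("Rex2011!Rex2011!", ["Rex", "2011"]))
    print(check_password("vT9#mQ2&xL7!pK"))
```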

Consider Multi-Factor Authentication:

Multi-factor Authentication (MFA) is a superior way to keep your data more secure. MFA requires the user to utilize two methods to confirm that they are the rightful account owner.

There are three categories of information that can be used in this process:

  • Something you have: Includes a mobile phone, app, or generated code
  • Something you know: A family member’s name, the city of birth, PIN, or phrase
  • Something you are: Includes fingerprints and facial recognition

What are the benefits of a Multi-Factor Authentication solution?

  • Bring Your Own Device: In today’s modern business world, more and more employees prefer to do at least some of their work through their mobile devices, which can present a serious security risk. However, with an MFA solution, you can enroll new employee devices in minutes, given that there’s no need to install an endpoint agent.
  • Convenient Flexibility: A Multi-Factor Authentication solution won’t force you to apply the same security policies to every user in the company. Instead, you are given the capability to specify policies person by person or group by group.

Sound complicated? It can be, but the good news is that Fuelled Network will help. We’ll provide robust, extensive cybersecurity support for you and your employees so you can recognize email spoofing and other cybercrime tactics accordingly.


Published On: 11th December 2018 by Ernie Sherman.