
BitDam Blog

Best Practices for Detecting and Preventing Email-borne Malware in Your Enterprise
Rotem Shemesh
August 15, 2019


Email is ubiquitous. There isn’t a home office or global enterprise that doesn’t use multiple email addresses. For hackers, this deluge of emails is a treasure trove. Each one is a potential (and easy) entry point for mischief, which is why 92% of malware attacks gain entry through email.

Malware attacks can inflict severe damage, from sensitive customer or company data being publicly released or put up for sale, to hackers stealing other valuable proprietary digital assets. Any serious loss of data or interruption of service can stop operations cold.

One calculation has estimated the direct cost of a malware attack is $157 per user, and yet the toll due to loss of goodwill and trust within an organization can be even costlier. Upping your game by understanding current best practices for email-borne malware detection and prevention is key to protecting your organization.

Email-Borne Malware Attacks Come in Many Guises

As the variety of email attack options increases, so do their frequency and sophistication, and defending the enterprise against these content-borne attacks only grows more difficult. Your defense begins with knowing what email-borne malware looks like.

Emotive subject lines. If it sounds too Buzzfeed-y (“You’ll Never Guess What Happened Next?!!”) or intimidating (“Invoice Past Due”), it can be a bad actor motivating clicks by raising emotions. Once the email is opened, it unleashes a whole new world of malware risks with the goal of taking your sensitive information.

Unexpected or unknown sender address. Emails from domains you don’t recognize or that don’t make sense (would the IRS really email you?) are red flags.

Suspicious links within emails. Hackers often embed links that download malware or open up a malicious website. These tactics create an opening for the hacker to capture sensitive data or install small programs that can steal information for as long as they remain undetected. If the link has been shortened or is basically gibberish, it’s suspicious.

Malicious attachments. Email attachments function like suspicious links; they’re just a different delivery system. It’s important to remember that it’s not just .exe files you need to be aware of: the file extension can seem innocuous enough, like .docx or .pdf. Malicious attachments are popular because they minimize the steps needed to give the hacker entry to your machine or network. A malware attack using a suspicious link often requires you to take action on the malicious website before the attack succeeds. A malicious attachment cuts out that step.

Information verification requests. As Angel Grant, Director of Identity, Fraud and Risk Intelligence at RSA Security comments, “data has really become the new currency.” There’s a bustling market for stolen personal and corporate data; any email that’s asking readers to confirm, review, or provide information should be treated with suspicion.

Instead of leaving it for the end-user to decide, the goal of your enterprise should be to keep these emails from ever reaching the inbox. That’s where the systems-grade defense comes in.

4 Best Practices for Preventing Email Malware Delivery

The following presents four best practices your IT department can implement to reduce the risk of email malware reaching the inboxes of employees.

  1. Stay current with all security updates and patches. The flow of OS and software version updates never ends, nor the security updates and patches. Set processes to regularly check for updates and install them as soon as they become available.
  2. Implement a breach and attack simulation (BAS) tool on your network. BAS tools go beyond penetration testing and vulnerability assessments. They continuously simulate attacks so you can see which kinds of cyberattacks would succeed and the scope of damage they might do. Here is an example of a BAS tool you can try.
  3. Set up IP and email address blacklists and whitelists. A blacklist blocks emails from certain domains or IP addresses, while a whitelist holds addresses that your network can trust.
  4. Take advantage of available protection, remediation, and endpoint protocols. Develop a process of protocols that includes regular installation and updates for all of your software, not just antivirus programs. Avivah Litan, Vice President and Distinguished Analyst at Gartner Research, sets out a concise checklist of these protocols here. Litan explains, “The bad guys are much less likely to get through multiple layers and their chances of success decrease proportionately to the number of layers that an organization deploys.”
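As an added example (not code from the post or from BitDam), the following Python sketch applies item 3's sender-domain and relay-IP deny/allow lists, plus the attachment-type check from the section above, to a constructed message before it would be delivered. The domains, network range and extension list are assumed sample policy, and the message is constructed for the example.

```python
import ipaddress
import re
from email import message_from_string, policy

# Constructed policy lists (assumed for this example, not taken from the post):
# trusted sender domains, blocked sender domains and blocked relay networks.
ALLOWED_DOMAINS = {"example.com"}
BLOCKED_DOMAINS = {"invoice-pastdue.example"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
# Not only executables: document and archive types are checked too.
RISKY_EXTENSIONS = (".exe", ".js", ".docm", ".docx", ".pdf", ".zip")
# Matches the bracketed IPv4 literal that Received headers carry for the relay.
RECEIVED_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def triage(raw_message):
    """Return the reasons a message should be held before it reaches the inbox."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    # Sender domain: the deny list wins, then the sender must be on the allow list.
    domain = msg.get("From", "").rsplit("@", 1)[-1].rstrip(">").lower()
    if domain in BLOCKED_DOMAINS:
        reasons.append(f"sender domain blocked: {domain}")
    elif domain not in ALLOWED_DOMAINS:
        reasons.append(f"sender domain not on allow list: {domain}")
    # Every relay IP in the Received chain is checked against the CIDR deny list.
    for received in msg.get_all("Received", []):
        for ip_str in RECEIVED_IP_RE.findall(received):
            if any(ipaddress.ip_address(ip_str) in net for net in BLOCKED_NETWORKS):
                reasons.append(f"relay IP blocked: {ip_str}")
    # Attachments are judged by file name, whatever the declared content type.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append(f"risky attachment: {name}")
    return reasons


# Constructed sample message carrying the indicators discussed above.
SAMPLE_MESSAGE = """\
Received: from mail.invoice-pastdue.example ([203.0.113.45]) by mx.example.com
From: billing@invoice-pastdue.example
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

%PDF-
--b1--
"""
```

A message that trips none of the three checks returns an empty list, which is the "deliver" decision; anything else is held for review.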

Smooth and Seamless Email Security

When your organization develops formal plans based on best practices to detect and prevent email-borne malware, you’re going a long way to address known, detectable cybersecurity threats. But what about those threats that aren’t yet known?

New cloud-based Advanced Threat Protection (ATP) tools are available to block both known and unknown threats contained in any type of file or URL, protecting your email, cloud drive, and messaging apps. Platforms such as BitDam integrate with your security infrastructure, delivering robust and advanced protection while running quietly in the background without disturbing the organization's workflow.