FBI Releases Guidance on Hardening Security Defenses in Your Organization’s Email System to Thwart Phishing Attempts


June 6, 2017. On May 30, 2017, the Portland, OR office of the Federal Bureau of Investigation issued a news release entitled “FBI Tech Tuesday: Building a Digital Defense with an Email Fortress.” The news release recommends ways for your organization to harden its email system so that it is not a defenseless gateway for phishing attempts that induce your workforce members to execute malware from what appear to be legitimate email communications. We present the recommendations below, but recommend that your organization download the news release and circulate it, with the FBI imprimatur, within your organization to call attention to this important matter of foiling phishing attempts to penetrate your organization’s information systems.

 

FBI Recommendations

 

* “Don’t use free web-based e-mail accounts for your business. Establish your own domain and create e-mail accounts based on that domain.

 

* “Ensure that your firewalls, virus software, and spam filters are robust and up-to-date.

 

* “Immediately report and delete suspicious e-mails, particularly those that come from people you don’t know.

 

* “If you receive an e-mail from someone who appears to be a legitimate contact; but you are wary, make sure you “forward” it back to the sender. Do not hit “reply.” That way you can manually type the known e-mail address or find it in your established contact list to confirm authenticity.

 

* “Don’t click in a moment of panic. Fraudsters often use social engineering to stress you out so you will act quickly without thinking. Check before you click.

 

* “Consider two-factor authentication for employee e-mail. This would include something you know (such as a password) and something you have (such as dynamic/changing PIN or code.)

 

* “Create a security system that flags e-mails with similar—but incorrect—formatting. For instance, you may regularly do business with Joe at ABC_company.com, but are you going to notice if one day the e-mail comes from Joe at ABC-company.com?

 

* “Make sure your e-mail is encrypted in-transit if you are putting sensitive information into it.”

 

Your organization’s Security Official should include these FBI recommendations, as appropriate, in your organization’s safeguard policies and procedures and training, and should discuss them in workforce member meetings as security reminders.
