June 6, 2017. On May 30, 2017, the Portland, OR office of the Federal Bureau of Investigation issued a news release entitled: FBI Tech Tuesday: Building a Digital Defense with an Email Fortress. The news release recommends ways for your organization to harden its email system so that it is not a defenseless gateway for phishing attempts that induce workforce members to execute malware delivered in what appear to be legitimate email communications. We present the recommendations below, and we recommend that your organization download the news release and circulate it, with its FBI imprimatur, to call attention to the importance of foiling phishing attempts to penetrate your organization’s information systems.
* “Don’t use free web-based e-mail accounts for your business. Establish your own domain and create e-mail accounts based on that domain.
* “Ensure that your firewalls, virus software, and spam filters are robust and up-to-date.
* “Immediately report and delete suspicious e-mails, particularly those that come from people you don’t know.
* “If you receive an e-mail from someone who appears to be a legitimate contact; but you are wary, make sure you “forward” it back to the sender. Do not hit “reply.” That way you can manually type the known e-mail address or find it in your established contact list to confirm authenticity.
* “Don’t click in a moment of panic. Fraudsters often use social engineering to stress you out so you will act quickly without thinking. Check before you click.
* “Consider two-factor authentication for employee e-mail. This would include something you know (such as a password) and something you have (such as dynamic/changing PIN or code.)
* “Create a security system that flags e-mails with similar—but incorrect—formatting. For instance, you may regularly do business with Joe at ABC_company.com, but are you going to notice if one day the e-mail comes from Joe at ABC-company.com?
* “Make sure your e-mail is encrypted in-transit if you are putting sensitive information into it.”
Your organization’s Security Official should include these FBI recommendations, as appropriate, in your organization’s safeguard policies and procedures and training, and should discuss them in workforce member meetings as security reminders.