Updating all of your company’s systems is essential to support your staff’s productivity and security. However, most users complain that they do not have the time to add new update packages to their systems.
The consequence of this behavior is that the lack of updates crestes potential risks for your environment.
Traffic generated from email boxes can be especially dangerous for two reasons:
- malicious loads are disseminated through this resource; and
- users are not prepared as expected to identify the e-mail scams.
That’s why it’s crucial to update not just corporate systems, but to apply updates to cybersecurity controls that help protect your users against various types of attacks. We’ve put together 3 cases to show how signatures are essential to prevent suspicious packages received by email from creating risks to your business.
- Traffic from personal email accounts
Your defenses are up-to-date, they monitor the corporate email server, but still a malicious application succeeded to infect one of your company’s devices?
If your policy allows, many corporate users often check their personal email accounts, whose defenses the company has no knowledge of or control. Visibility on the activities of these accounts is low or none. Therefore, it is crucial to study measures that can safeguard your network against possible threats that appear in these media.
A frequent solution is to restrict access to personal accounts through corporate devices, but that is certainly not a very popular measure.
Like we always underline, layered protection is key. A complementary measure is to force the user to authenticate to the firewall before accessing any web applications. Signatures to evaluate traffic of packets will be able to identify the presence of malware, viruses, intrusion episodes, detection of potentially unwanted applications, detection of advanced threats and so on.
- Looks like, but isn’t
Do you know that seemingly reliable link? It is not.
It is very common in social engineering schemes to use domain or email spoofing. Especially in phishing incidents, when the cybercriminals use contextual information to persuade the recipient.
In these cases, the company must consider that their email protections are supported by signatures to analyze URLs. With a broad base of pre-validated and reliable addresses it is possible to filter traffic more accurately.
- No links or files, but still risky
Social engineering schemes don’t rely only on links and malicious attachments to prevail. In many cases, the cybercriminal will not even share any malicious load to engage the user in a scam.
There are alternatives against schemes that do not use malware. Reputation signatures based on IP or sender and recipient domains are instrumental to filter attributes of e-mail messages that contain suspicious information.