Let’s say that you receive an email from a software vendor, say, Microsoft. When you are contacted by a major company like this, do you automatically assume that it’s secure, or are you skeptical that it’s a scam? Ordinarily, it might not seem like a big issue, but all it takes is one click on an infected attachment or malicious link to infect your business’s infrastructure.
According to a Swedish cybersecurity firm called Detectify, there are major online domains that are at risk of email spoofing due to misconfigured server settings. Email spoofing is the act of sending a message, while masking the true email address that it comes from. This allows hackers to forge the sender address to suit their needs. Generally speaking, email messages don’t have automatic authentication built into them. This is something that must be configured on the server side of things.
Thankfully, there are ways to properly configure your email server, but unless you’re a hardcore techie, you run the risk of either configuring the system incorrectly, or changing settings that may compromise your security. Yet, it’s still important to keep in mind how the solutions that prevent email spoofing, work. Here’s a breakdown of the details:
You might be wondering why we’re even bringing this up, and it’s because Detectify discovered that, out of the top 500 sites on the Internet, 276 of them can be spoofed. Detectify considers servers that don’t have SPF or DMARC configured correctly to be vulnerable to email spoofing - this includes using no SPF at all, using SPF with softfail only, and using DMARC with action none. Therefore, you need to take measures to ensure that your team knows how best to identify spoofed email domains, and phishing messages in general. If you don’t, you could be placing your business in harm’s way. On top of that, you’ll want to make sure your email server is configured to not allow your email domain to get spoofed.
The best way to keep your employees from falling into this trap is by ensuring that you’ve educated them on security best practices, and to limit their exposure to such threats in the first place. This includes taking the time to explain to them how phishing threats and other security discrepancies behave, as well as implementing solutions to keep suspicious messages out of your inbox in the first place.
Your business needs to consider security a top priority, and only NetWorthy Systems can help. Reach out to us at 877-760-7310.