Email is at heart of so many businesses, yet it is one of the most flawed methods of communication with over 50% of all email traffic unwanted spam. Email security solutions can be bypassed, via legitimate services, but you can still identify the outliers that make it through. Main points covered: • Why are we in such a mess with email? • How criminals can bypass email security • How email security also needs web security • Habits to increase your email security Presenter: Nnick ioannou is an IT professional, blogger, author and public speaker on cloud and security issues, with over 20 years’ corporate experience, including 15 years using cloud/hosted software as a service (SaaS) systems. As an early adopter of cloud systems, including BPOS, the first iteration of Office 365, he has been paying for the privilege of bug testing them ever since. Security bugs that aren’t fixed end up becoming magazine articles in an attempt to get the vendor to take notice. He started blogging in 2012 on free IT resources (http://nick-ioannou.com) currently with over 450+ posts. Author of 'Internet Security Fundamentals' and 'A Practical Guide to Cyber Security for Small Businesses' as well as contributing author to three 'Managing Cybersecurity Risk' books and 'Conquer The Web' by Legend Business Books. Date: April 24th, 2019 Recorded webinar: https://youtu.be/rIXDqEm_tfQ

2. Why would cyber criminals target me?

3. Fraud
Extortion
Theft
Unauthorized
Use
Why would cyber criminals target me?

4. Backups
Antivirus
Patch
Mgt
Email
Filtering
Web
Filtering
Admin
Privilege
Access
Control
MonitoringForensics
9 areas for true cover

5. MonitoringForensics
Email filtering

6. Emails are still the main infection route

7. Email System
Email Sender
Email Reason
Email Payload
Genuine
Compromised
Credentials
Genuine User
Legitimate
Reason
URL Link Attachment
Bogus
Spoof Display Name Deception Lookalike Domain
Extortion Fraud Theft
Unauthorized
Use of Assets
Disruption
Malicious
Attachment
Malicious URL Link
Attachment with
Malicious URL Link
Types of email

8. Criminals can make convincing fake emails

9. Criminals can make convincing fake websites

10. Criminals will try to mimic common file sharing services

11. To phish credentials

12. Attachments may not actually be attachments

13. Attachments may not actually be attachments

14. From: Terry Ratcliffe
To: Marion Barnes
Criminals have visited your website and know who to email

15. Criminals will try to mimic document signing services

16. Criminals will try to mimic accounts packages

17. Criminals will try to mimic accounts departments

18. REAL FAKE
Criminals will try to mimic file transfer services emails

19. Criminals will try to mimic corporate file sharing services

20. Or just use genuine file sharing services

21. Or just fake their own file sharing services

22. The criminals want our login credentials

23. Criminals know who we work with too

24. Criminals will compromise email accounts of suppliers

25. Criminals will compromise email accounts of suppliers

26. Criminals will compromise email accounts of suppliers

27. Criminals will compromise email accounts of suppliers

28. The criminals perfect storm
Compromised email
account of someone
you trust
With a link to a
genuine file service
That leads to a
password protected
file or phishing
attempt

29. Block uncommon attachment file types
.app .arj .bas .bat .cgi .chm .cmd
.com .cpl .dll .exe .hta .inf .ini
.ins .iqy .jar .js .jse .lnk .mht
.mhtm .mhtml .msi .msh .msh1 .msh2 .msh1xml
.msh2xml .ocx .pcd .pif .pl .ps1 .pl
.ps1 .ps1xml .ps2 .ps2xml . psc1 .psc2 .py
.reg .scf .scr .sct .sh .shb .shs
.url .vb .vbe .vbs .vbx .ws .wsc
.wsf .wsh
Block or quarantine the following file types
(unless you are web developers or programmers
.docm .dotm .ppam .potm .ppsm .pptm .sldm
.xlam .xlsm .xltm
Quarantine the following macro-enabled office files

30. Cloud-based email filtering

31. Turn on Microsoft Office protected view

32. MonitoringForensics
Web filtering augments Email filtering

33. Filtering DNS

34. Cloud-based web traffic filtering

35. Are you buying this?
When you really need these!
Spend your security budget wisely

36. Conclusion – what does it all cost
● Antivirus & Patch Management £30
● Email Filtering + 10-year archive £33
● Web Filtering £35
● Admin Privilege £22
● Access Control £30
£150 per year per person, or
£12.50 per month, or
£2.90 a week

37. EMAIL INTERNETEMAIL LINKATTACHMENT USERS COMPUTER
Sophos Intercept X
SERVER
Exchange Server Rules
My cyber defences cost £25 per person per month
2 step verification
logins

38. No budget to speak of
learninfosec.co.uk
eset.com/us/cybertraining
takefive-stopfraud.org.uk
hiscoxcyberclearacademy.com
TECHNOLOGY
The systems in place to
protect you
PEOPLE
Employee awareness
of what to do
or not to do
PROCESSES
The guidelines and
instructions in place
to protect you

39. ISO/IEC 27032
Training Courses
• ISO/IEC 27032 Introduction
1 Day Course
• ISO/IEC 27032 Foundation
2 Days Course
• ISO/IEC 27032 Lead Cybersecurity Manager
5 Days Course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events

40. THANK YOU
?
nick@booleanlogical.com https://www.linkedin.com/in/nick-ioannou/
https://www.booleanlogical.com