Small Business Cybersecurity 5 of 7: You Must Have a FilterTim Weidman
This is part five in a seven-part series regarding security concepts for small businesses. As an owner or principle of a small to medium sized business, you have the ability and the responsibility to understand security basics and ensure they are implemented for you.
- Part 1 of 7: Who has your back(up)?
- Part 2 of 7: Be on the Alert
- Part 3 of 7: When to (NOT) be an Admin
- Part 4 of 7: Gone Phishing
- Part 5 of 7: You Must Have a Filter
While the number of actual emails received by the average person continues to hover between just over 100 per day, there are usually an additional 200-1000 spam emails blocked before getting to your inbox. Up to 90% of these contain malicious content.
The number of websites in the world is now around one billion, and I don’t have to tell you that these sites include pretty much everything you can imagine, and perhaps many things you cannot.
Since we cannot live without this massive glut of digital information, the issue becomes how to decrease your security risk, and one layer of defense is filtering.
Filtering, of both email and web traffic, is NOT an optional component for any business.
Pretty much all organizations have some type of email filtering. If you had none, you would have an enormous glut of emails in your inbox 24 hours a day, so I am assuming you have something keeping the hordes of unspeakable subjects away from you.
Although all this clamor can be a huge nuisance, from a security standpoint, we are most concerned about the dual threat of “attachments” and “links” contained within the email.
1> Attachments: Attachments are the most dangerous threat when it comes to maintaining a defense against malicious attacks through email. You can package anything in an attachment, including malicious programs capable of Ransomware delivery, Banking Trojans and other threats. In many organizations, email attachments are the number one way that people receive information. It has replaced faxes, postal mail and all other methods to receive information.
Here are some tips regarding attachments:
- Have an alternate method to receive documents: This is the number one way to decrease your risk from malicious email attachments. There are more efficient and safer ways to receive and send documents, including secure file transfer services like ShareFile. Many of these services offer other benefits such as electronic signature management, document collaboration and secure file storage.
- Filter File Types: Spam filters limit the sending of explicitly dangerous file types such as executables, but may also have the option of blocking Zip files and other archive files. In most cases, you can whitelist specific senders to allow archive attachments if needed, but it is a far better solution to not allow these through email at all and steer senders toward an alternate document sharing method.
- Advanced Attachment Filtering: This is an additional level of protection which opens the attachment and tests it before it is ever delivered. It may be a small additional cost and cause a slight delay in delivery time, but completely worth it in the end.
The most important factor in reducing risk of malicious email attachments is an alternate way to receive documents and a culture that understands email attachments to be the exception, not the main way documents are received.
2> Links: A link is anything “clickable” in an email. Links must reach out and run content from the internet to do you harm so in some ways they are not as effective in the delivery of a malicious payload as an attachment. They do however have the advantage of more easily sneaking by many spam filters.
The best defense against cyber-attacks through email links is employee education. The simple rule is:
There is NEVER a reason to click on a link in an email. Period. Ever.
You can always go to the website related to the email, sign in normally and access the information that way. If you do not have a normal process to login to this entity, Google the name of the company and go to the site that way instead of using the link.
A large percentage of small businesses do not do any type of web filtering at all. This leaves a large hole in your cyber security defense strategy. Excuses I often hear as to why a business does not filter the web include that they only have a small and well-known staff who is well behaved, or that they do not want to make employees feel like they are being treated like children or being monitored and limited.
There are many reasons why web filtering is not an optional component:
- Additional Layer of Defense. Web filtering adds an additional layer of defense against other attacks. A proper web filter can catch malicious attacks delivered by phishing email attachments and links, as well as block some Ransomware attacks from “phoning home” to start the process of encrypting your data.
- GEOIP and BOTNET Filtering. Many web content filter solutions offer the ability to realtime filter areas and IP addresses producing a high level of malicious websites or other types of attacks.
- Malvertising allows attackers to plant bad things in legitimate ads on legitimate sites. Web content filtering can help reduce this threat by detecting attempts to leave the legitimate site and traverse to another malicious site without the knowledge of the web surfer.
- Non-Technical Reasons. Nearly all businesses have other reasons to filter web content. After all, if you do not filter anything you are leaving your employees the ability to surf absolutely everything on the internet, and that encompasses a lot of questionable things. You may have a high level of trust in your staff, but may still be leaving yourself open to a high level of liability in the form of HR and other issues.
The real question here is, do you and your staff need access to all one billion internet sites including all manner of content to function productively at work? This is not a question of cultural or moral control, but is largely a question of the safety of your digital assets.
What to Do
1> Know what method you use to filter spam. Learn about the system you use to filter spam. If it offers advanced capabilities, use them. If it does not, consider finding another solution.
2> Filter the Web: If you are not already filtering the web, you need to do so. It is not difficult or expensive and if you google “Web Content Filtering” you will find a long list of solutions from which to choose. Look for the ability to block Ransomware key retrieval, GEOIP filtering, BOTNET filtering and Malvertising. If you have an existing web filter, see if it has these features as well and implement them.
Learning more about what you use to filter email and the web and what solutions are available does not require a high level of technical ability and is an effective investment of your time. Changing the culture of your organization away from constant email attachments, clicking links blindly and being able to surf anywhere you want can be awkward but it is a vital and necessary part of your cybersecurity defense strategy.
At Frankel Zacharia Technical Services, we offer many solutions to assist you including consulting on what email and web filter solutions are the best fit for your organization, staff security awareness training and more. Let us know what we can do to help.
Thanks, and remember, you can and should understand your own technology
Tim Weidman is the Director of Information Technology at Frankel Zacharia Tech Services, a department of Frankel Zacharia, LLC. Tim has a technology career spanning over 25 years and holds professional certifications in Certified Ethical Hacking and Penetration Testing, Security+, A+, Network+ as well as Microsoft, Apple, Linux and Novell technologies. For more information visit: fztechservices.com.