Protect Your Brand and Reputation
After completing this unit, you’ll be able to:
- Determine what email security you currently have in place.
- Explain the most common email security threats.
- Recognize the signs of phishing and spoofing scams.
- Adopt and implement DMARC for your email.
Email Is Your Lifeline
Email is probably the most important and widely used communications system in today’s business world. It connects you with clients, customers, employees, prospects, and vendors. It touches nearly every part of a business. When you send communication via email, your recipients believe it’s you and trust the contents. Your email is directly connected to your reputation, and your reputation is one of the reasons for your success. It’s an integral part of your brand.
Now imagine your email system is hacked or compromised. Cyber criminals can now impersonate you, spread viruses, and gain access to confidential information, inflicting damage on the very people who trust you. Many businesses would come to a grinding halt. The damage could be disastrous. Protecting your brand and reputation must be a key objective for every organization, no matter its size.
Here’s the conundrum. The underlying email protocol, Simple Mail Transfer Protocol (SMTP), was designed more than 30 years ago, when most of us hadn’t heard of email, let alone adopted it. SMTP was never equipped to handle the security threats today’s email systems face on a daily basis. New, up-to-date email security protects your clients, employees, and business: everything that makes up your brand and reputation.
DMARC Is Your Friend
Domain-based Message Authentication, Reporting & Conformance (DMARC) is a widely used tool that assists email systems by helping them work together. DMARC authenticates emails and senders so the recipients are confident they are from legitimate sources. DMARC benefits the senders by ensuring that their important messages reach their destination.
Some of the more tangible benefits of DMARC include:
- Stops phishing emails before they reach users
- Decreases the risk of phishing emails ever entering the system
- Provides real-time alerts of phishing attempts
DMARC can be implemented easily. In fact, we’re happy to share the simple implementation guidelines directly from the Global Cyber Alliance.
The Global Cyber Alliance’s Protect Your Email and Reputation toolkit provides free tools for analyzing your DMARC reports. In addition, there are resources included to help you monitor the Internet for anyone trying to impersonate your website or your domain. You can use the tools listed under the Trademark Protection section of the Global Cyber Alliance’s Protect Your Email and Reputation toolkit to assist in protecting your trademark.
Now that we know what DMARC is, let’s talk about what it protects you from. Most email attacks come in through phishing and spoofing. In fact, phishing represents 22 percent of all data breaches, according to the 2020 Verizon Data Breach Investigations Report.
Most of us have heard the term, but how many of us can correctly define what phishing is? No worries, we’re here to help. Phishing is the fraudulent practice of sending emails pretending to be from reputable companies in order to coax people to reveal personal information, such as passwords, credit card numbers, client information, and more. Phishing emails can be sophisticated and extremely difficult to detect. The nuances that give away these illegitimate emails are subtle. You may not notice that the sender’s email is suspicious. Maybe the company’s name is misspelled by one letter. Perhaps the color scheme is off. Even the most informed can fall for phishing scams.
Spoofing isn’t new. It has just evolved for the digital age. A spoofing attack occurs when a person or program successfully impersonates another by falsifying data, gaining an illegitimate advantage. The spoofer tries to convince the recipient to share valuable information or perform tasks on their behalf. These attacks are as sophisticated as many phishing scams, and the spoofer often builds a virtual relationship with the victim. Once inside a user’s computer network, the spoofer often releases malware, compromising several systems and inflicting significant damage.
More Than Just Phishing and Spoofing
Yes, these are common email threats, but they aren’t the only ones. Other common email scams include:
- CEO fraud/business email compromise (BEC): This is a serious form of a phishing email. In this scam, someone pretends to be your CEO. It usually involves a request to the finance department for a money transfer. These can look legitimate and can even address people by first names. Even worse, sometimes fraudsters have gained access to the CEO’s email account. Just because it appears to come from your CEO, don’t assume it’s legitimate. Confirm any requests.
- Spam: We all get spam and try to ignore it. Not all of it is malicious; much of it is just annoying. However, there are two types of spam emails. The first type comes from the spammers themselves, trying to sell you a product or service. These fall into the annoying but relatively harmless category. The other type is sent in bulk by computers infected with a virus. These are the ones to worry about.
You may be thinking, “I would be able to spot these.” Well, hopefully, you’re right. But recent history has shown that people continue to fall for these scams—it’s what keeps these hackers going. The best practice is to implement strong email security to protect your employees, customers, and business.
Sum It Up
Your email represents you. It’s a key part of your brand and reputation. There are people out there making every effort to penetrate your email systems and gain access to all sorts of information. DMARC is the best way to protect your business, and there are a lot of resources to help you implement it.