Showing posts with label Email Security. Show all posts
Showing posts with label Email Security. Show all posts

Monday, July 17, 2017

Security breach! How to prevent your G Suite domain from getting hijacked

Legacy security solutions are no longer as effective against todays clever hacking methods, and on-premise hardware can often lack sufficient scale and performance to protect internet connected application infrastructures as they grow. As more organizations move their operations online, they need a cloud-based security solution that can defend their domain, email, valuable data, and in some instances, brand image.

Lately we have witnessed increasingly clever phishing attempts in our customer base. Some of these attempts are so sneaky you'd need to do a double or triple take to notice it as a red flag. Take for example a long time customer of ours who was sent an email with an almost identical domain name (only one letter was different). The email came from the actual domain name, meaning that the hacker had invested the time and money to purchase and configure the domain with the intent to hijack the real customer domain. Luckily our customer realized it was a malicious email and immediately deleted it and reported the domain to Google.

G Suite's cloud based security protocols are top notch. Google recently added a new security feature in Gmail to warn users when responding to emails sent from an external domain and not someone in their contacts. This feature increases awareness against forged email messages, impersonation, as well as common user-error when sending mail to incorrect addresses.
When a user clicks 'reply' in Gmail, Google scans the recipient list, including addresses in CC to verify the risk level. If a recipient is external to the user’s organization, not present in their Contacts or not someone the user interacts with regularly, the warning is displayed automatically. This is a subtle, yet powerful, way to keep your users vigilant.

A valuable step to take to prevent a hijacking is to create a rule in Gmail to bounce emails from domains that have close spellings. Here's how:
1. Login to your G Suite Admin account.
2. Go to Apps ---> G Suite ---> Mail ---> Advanced Settings
3. Under the Spam Section, Blocked Senders ---> Configure
4. Enter a (very) short description for the summary of what's being blocked
5. Use an existing list or create a new list for the addresses that are going to be rejected (you can choose single or multiple domains and single or multiple email addresses.)
6. Optional; you can edit the rejection notice that the sender will receive in the blocked bounce-back (leaving it blank will use the default).
7. "Bypass this setting for messages received from addresses or domains within these approved senders lists." - this option can be ignored (defaults to being checked off, but does not matter unless a list is created or used in this section).  This option also serves the purpose of allowing exceptions that can still send (eg. malicious.ca is blocked, but hacker@malicious.ca is allowed, or malicious.ca is blocked, but hackers.malicious.ca is allowed to bypass).

As long as we live in a world of technology, attackers will always look for ways to target us. As the internet evolves, the methods and techniques used by these attackers evolve along with it. It's important to understand that vulnerabilities do exist and the best way to avoid a compromised system is to set preemptive measures like the ones G Suite offers. The challenge with web security lies in that very changing nature. True cloud solutions offer the latest and most secure methods to provide the utmost protection for your online assets.

To learn more about cloud security and G Suite, contact Interlock IT today!

Friday, June 23, 2017

Is your company domain safe from spoofing?

There's no doubt that in the last two decades email has become the backbone and primary source of business communication. Businesses rely heavily on emails to communicate internally with their own staff as well as externally with clients and partners. Gmail alone has well over one billion monthly active users. Such heavy email dependency requires immense reliability and security. Unfortunately, we find many businesses are unaware that their backend mail settings are not configured for optimum reliability and security.
When it comes to securing Gmail admin settings, it's crucial to have the correct DNS (Domain Name Settings) configured to prevent domain spoofing. What's domain spoofing? In simple terms, it's the unauthorized use of a third-party domain name, primarily in an email message, in order to pretend to be someone else. SPF, DKIM, and DMARC are all security standards followed in G Suite applications to keep your domain safe. SPF (Sender Policy Framework) records allow the user to easily identify spam messages for their domain. DKIM (Domainkeys Identified Mail) attaches a new domain name identifier and encrypts the message to validate authorization for the message, and DMARC (Domain-based Message Authentication, Reporting & Conformance) allows the user to instruct how Gmail handles unauthenticated emails coming from within the domain. These may all sound complicated but are quite necessary to keep your users and domain safe. Use the Google Toolbox MX checker to see if your domain is configured correctly. If there are issues you will see the following prompt when you run the check:

If this is what you see when you check your domain, contact us! We highly recommend using an expert to configure these security protocols as we've seen customers claim their IT staff has already set these up, only to find out later that it was configured incorrectly. This cost of properly setting these protocols up is negligible in comparison to the potential damage they prevent.

In our several years of experience, we've seen users simply don't realize the importance of having the proper DNS records set up, simply because it was not given importance or because it was too complicated for their IT staff to configure correctly. To help our cloud friends enjoy a safe and secure domain, InterlockIT will clean up your DNS records for FREE in exchange of transferring your G Suite subscription to us as your reseller (some conditions apply). It's a win win since you get free assistance to protect your domain as well as all the benefits of having a Google Cloud Partner. Contact us today and lets secure your domain!