Join Lisa Bock for an in-depth discussion in this video Securing email, part of IT Security Foundations: Core Concepts (2015).
- Email is by far the most commonly used communication tool for personal and business use. Although highly effective, email can pose a security risk. Some threats include malware that is introduced through an employee's email. Email can carry a wide variety of extensions. Devices in maleware protection recognize these extensions as possible threats and are quarantined. I'm at this website where we can see a list of common, dangerous, and malicious file extensions.
As you see, there are quite a few of them. So if, for whatever reason, you're not getting a file, it may have been quarantined because it has one of these extensions and it is recognized as a possible threat. Phishing attacks encourage the recipient to click on a link and share confidential information. A spoofed email looks like it's from a legitimate source but generally contains a false sender address. Remember, do not ever give away your password and, also, be cautious before clicking a link in an email.
Scripts can be embedded within the email and can run when a user opens the email and completes some malicious act. Email programs, such as Microsoft Outlook, block scripts by default, but you can also disable them in your browser settings. I'm in Internet Explorer. In the upper right hand corner, I'll go to Tools, and then Internet Options. I'll go to Security and Custom Level, and we can scroll down until we find Scripting. And here under Active Scripting, I can either disable or prompt.
Spam targets email recipients with direct mail messages. A spammer's goal is to reach as many recipients as possible with the hopes someone will respond. Spammers can purchase email lists or generate their own lists. Spam is costly, as we see from this SPAM Calculator. You can see how much spam is costing you and your company each year. For example, number of mailboxes, we'll put 100. Hourly salary, we'll put 12.
Amount of spam every day in each mailbox, four. And time it takes to delete each spam, it says five and that's probably a good average. We'll calculate that and you can see it's nearly 1,500 dollars a year for spam. Sadly, over 60% of emails received in an organization are marked as spam every year. When a phishing attempt gets a user to divulge his or her email address and password, the spammer may attempt to use the stolen identity as a spam relay.
If this happens to the corporate email account, the IP address may get blacklisted due to an outbound email attack. There are websites administers can go to to see if they are on the blacklist and, also, there are websites you can go to to see if a website is an open relay.
Note: This course maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals 98-367 certification exam and is recommended test prep viewing.
- Differentiate between risks, threats, and vulnerabilities.
- Explain how to avoid worms and viruses.
- Define cookies, and explain how they preserve user information.
- Describe the WPA2 wireless security method.
- Cite the differences between public and private key encryption.
- Summarize how to use a virtual private network.
- Identify ways to minimize the attack surface.