Security is the foremost concern in the strategy and development of IT networks and support. Balancing the need for more access with the security holes that access can leave is difficult. That is why it is important to focus on the most used of these portals into our network: email.
So as a C-level corporate executive or assistant of a company, you receive an email from your CEO to transfer funds from your company to an account for a payment or other reasons. You dutifully transfer the funds as requested only to find out that they were actually transferred to an offshore account owned by foreign hackers. The company has lost millions. So what happened?
Hackers compromised your email system and appropriated the account of a C-level employee. This is becoming a more common occurrence. The FBI estimates that criminals have netted nearly $750 million between October 2013 and August 2015 by compromising 7,066 companies.
How the Hack Works
Hackers don’t even need to take over your network in order to do this. They simply use a process called spoofing. Spoofing is a way to make an email appear to be sent from inside your security firewall and from your internal email server. It makes it very difficult for any email protection systems to spot these emails as a scam because spoofing tricks the system into thinking that the emails are coming from the inside.
Be Careful of Email Attachments
A key way to fight email hacks is to educate users about phishing scams and the dangers of clicking on email attachments from untrusted sources. This is how hackers are able to get the information about the business networks that they can then use to compromise your email system. The best thing you can do is deprive hackers of this information in the first place.
Two-Step Authentication for Large Business Transfers
Another method that can be used is a two-step authentication process for fund transfers from C-level employees. The way a two-step system works is that along with the email, a numeric or other type of code is sent from an independent source. Depending on your company’s preferences, there are a variety of applications which deploy two-step authentication procedures.
In order for the transfer to go through, it must first be placed, then the authorization code must also be sent along with the request. Without the correct code, wire transfers never happen, and the money is never lost.
Two-step authentication can also be applied before this point by requiring it as part of your email login process. Without the correct code, your system will be alerted to an unauthenticated email that can be disregarded.
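The transfer procedure described above (place the request, then confirm it with a code delivered from an independent source), sketched as an added example that is not from the original article or any particular product. The class name, the 10-minute validity window and the three-attempt limit are assumptions.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 600  # assumption: a code is valid for 10 minutes
MAX_ATTEMPTS = 3        # assumption: request is voided after 3 failed tries


class TransferApprovals:
    """Holds wire transfers until a code delivered out of band is confirmed."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    def place(self, requester, beneficiary_account, amount_cents):
        """Step 1: record the request. The returned code must be delivered
        through a channel independent of email, never in the email thread."""
        transfer_id = secrets.token_hex(8)
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[transfer_id] = {
            "details": (requester, beneficiary_account, amount_cents),
            "code": code,
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return transfer_id, code

    def authorize(self, transfer_id, requester, beneficiary_account,
                  amount_cents, code):
        """Step 2: release the transfer only if details and code both match."""
        entry = self._pending.get(transfer_id)
        if entry is None:
            return False
        if self._clock() > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[transfer_id]  # expired or locked out
            return False
        entry["attempts"] += 1
        # Binding the code to the original details stops an attacker from
        # swapping the beneficiary account after the code was issued.
        same = entry["details"] == (requester, beneficiary_account, amount_cents)
        ok = same and hmac.compare_digest(code.encode(), entry["code"].encode())
        if ok:
            del self._pending[transfer_id]  # single use: no replay
        return ok


if __name__ == "__main__":
    svc = TransferApprovals()
    tid, code = svc.place("cfo@example.com", "ACCT-001", 2_500_000)  # constructed
    print(svc.authorize(tid, "cfo@example.com", "ACCT-001", 2_500_000, code))
```

A spoofed email alone cannot complete the transfer here, because the sender never sees the code and any change to the account or amount invalidates the approval.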
Trust U.S. Computer Connection for Your Help with Your IT Strategy
If you are planning on setting up a two-step system for your company or have other security consulting needs, contact the experts at U.S. Computer Connection today.