
Are You Providing Email Security as Part of Your MSP Offering?

Email Compromise Has Grown by 1300% Over the Past Year

Over 95% of your clients' intellectual capital is digital today – more than likely, 50% of that is in clear-text email. Email compromises are now growing at astronomical rates.

Too many of your clients think spam is just a nuisance. It’s also malicious. While spam is responsible for landing bots on client systems, it’s the email scams that are fast becoming an easy win for hackers.

What I’m talking about here is fake email written by scammers, posing as the boss.

How Do Email Scams Work?

It works like this: an email that appears to come from the boss is sent to someone with the ability to transfer funds. The account information is provided, along with a request to transfer $10,000, for example.

It may be a partnership deal, customer refund, or payment to a vendor. The person doing the transfer doesn’t have time to research it – they just transfer the money and go on to the next task. The cash is now sitting in a bogus account, controlled by the scammer.

These scams work! Why? Most of the companies you do business with are using technology to block viruses, not social engineering. These emails look legitimate.  They don’t contain malware of any kind. They’re simply a request coming, supposedly, from an executive. No one’s asking questions – they just move to get the job done.

Millions Are Being Lost

Over the past year, roughly $3.1 billion worldwide has been transferred using this scam. In the U.S., WSJ reports that, “as of last month, 14,032 victims of the scam had reached out to the FBI’s Crime Complaint Center within the past three years, with combined losses totaling more than $960 million.”

These losses come from companies of all sizes, large and small. No one is safe. Most of the transfers are going to China and Hong Kong – no surprise there.

Is There Anything That Can Be Done To Stop This?

Compromised or spoofed email accounts are nearly impossible to detect once the compromise is made. Stopping someone from spoofing by securing email servers and accounts is the first step.  But there’s more…

There are some solutions coming out right now, delivered as cloud-based services for an annual fee. These services manage a white-list of approved senders. Google, Microsoft, and a few startups are working on this.

There’s also a need for security awareness in this area, as well as some procedures to follow when dealing with requests to transfer money. The technology isn’t there yet – clients may need to communicate these requests using some other means – not email.
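The approved-sender check and the "confirm by other means" procedure described above can be sketched as a mail-review rule. This is an added example, not code from the original post or from any of the services mentioned; the executive name, addresses, keywords and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed assumptions: names, addresses and keywords are illustrative only.
EXECUTIVES = {"jane doe"}                     # display names a scammer would pose as
APPROVED_SENDERS = {"jane.doe@example.com"}   # white-list of approved sender addresses
PAYMENT_WORDS = ("wire", "transfer", "payment", "refund", "account number")

def review_message(raw):
    """Return the reasons a message must be verified before anyone acts on it."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    body = msg.get_payload()
    text = (msg.get("Subject", "") + " " + (body if isinstance(body, str) else "")).lower()
    reasons = []
    # Display name claims to be the boss, but the address is not on the white-list.
    if name.strip().lower() in EXECUTIVES and addr.lower() not in APPROVED_SENDERS:
        reasons.append("executive display name from unapproved address")
    # Replies would be routed to a different mailbox than the visible sender.
    if reply_to and reply_to.lower() != addr.lower():
        reasons.append("Reply-To differs from From")
    # A compromised but approved account passes both checks above, so every
    # payment request is confirmed over another channel regardless of sender.
    if any(word in text for word in PAYMENT_WORDS):
        reasons.append("payment request: confirm by phone or in person")
    return reasons

# Constructed sample messages (not real mail).
SPOOFED = "\n".join([
    'From: "Jane Doe" <jane.doe@example.net>',
    "Reply-To: <jd.private@example.org>",
    "Subject: Urgent vendor payment",
    "",
    "Please transfer $10,000 to the account below today.",
])
COMPROMISED = "\n".join([
    'From: "Jane Doe" <jane.doe@example.com>',
    "Subject: Customer refund",
    "",
    "Send the refund to the new account number attached.",
])
LEGIT = "\n".join([
    'From: "Jane Doe" <jane.doe@example.com>',
    "Subject: Lunch Thursday",
    "",
    "Are we still on?",
])
```

The `COMPROMISED` sample comes from a white-listed address and still returns a reason, which is why the callback procedure matters even when sender filtering is in place.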

I agree with the FBI position on email – businesses should not be using free email services.

© 2016, David Stelzl

 


How often do your clients send stuff through email that just shouldn’t be sent?  I came across this tool through a client recently – up to five sends free per month, and support for up to 2GB files!  Pretty cool stuff.  This morning I used it to send some very large files to a client in Chicago.  I created an account, uploaded the files, which exceeded YouSendIt’s capabilities, and then was given the choice of how the receiver should authenticate.  I chose to have them enter their cell phone number and receive a text message with a 4-digit code – check it out:

https://protectedtrust.com/

What happens when the client can’t afford something?  Naturally, the conversation turns to dollars and discounts.  “We don’t want to short-cut the solution, yet we can’t afford the price.”  In other words, “It’s not in our budget, but we still want it – what can you do?”  We talked about establishing value prior to price several days ago, but now the price has been proposed, and the client can’t come up with the money.  Or, in another scenario, you have a contract (perhaps recurring revenues through managed services) and the client can no longer afford the level of services originally contracted for.  So what do you do?  Here’s a simple way to get back on track.

“Price aside….”  Money can never become the central issue.  People don’t figure out how much they have to spend and then look for something / anything that will fit the budget.  At least they shouldn’t.  That’s how people end up with a lot of junk they just don’t need.  Instead, set the price aside for a moment and figure out what really is needed.  If money is tight, scrutinize what the client really does need.  Great consulting means improving the client’s condition, not selling more stuff.

So I simply say, “Price aside, let’s look at what we are proposing and figure out if this is really what you need.”  Let the client see the pros and cons, the value and risk, etc.  Ask probing questions such as, “If we cut this out, people will be able to send any type of sensitive company information through email unchecked.  Is that okay with you?”  “If we cut this out your data won’t be backed up off site.  So if someone forgets to run the backup, the tape fails, or the person who takes it home loses it or it gets stolen, your data will be unrecoverable and on the street.  Is that okay?”

Force people to look at the solution, its value, the risks and opportunities.  They may still not have the money, but if it’s clearly what they need, at least they will want it, may find the money, or start saving for it.  Discounting is never the right answer.

© 2010, David Stelzl