Blog Post

Shark Week: 6 Tips to Secure Your IT Tackle Box

Shark Week: 6 Tips to Secure Your IT Tackle Box
Original article published on VMBlog.

Scientists recently dispelled the myth that sharks attack humans because they mistake them for other prey. In fact, sharks can see clearly below the murky waters. But, it’s not as easy for victims of phishing attacks to see what’s lurking behind an attached document or link within an email.

Email is the lifeblood of communications for organizations around the world. Among the 296 billion emails sent daily, there are dangerous emails lurking within. A successful email attack can cost companies as much as $4 million per incident. In honor of Discovery Channel’s upcoming Shark Week, let’s look at what these dangerous and misunderstood creatures can teach us about email and document security.

Beware of Phishing Attacks: Phishing attacks use “bait” to catch their victims and can cause significant damage. The 2016 DNC Hack, for example, was a pretty large bite: a leak of 19,252 emails and 8,034 attachments. Like a good fisherman, organizations should test their lines in advance by training their employees and conducting mock attackts. To minimize the damage of a leak, a security system that enables encrypted email and security document collaboration should be considered.

Know the Landscape: There are over 400 species of sharks wordwide, and 2016 had a record number of shark attacks and bites (107). Just as most beaches are safe, emails are a common part of business and are generally benign. As vacationers flock to beaches this summer, they should swim with confidence yet be aware of their surroundings. Don’t venture into deep water alone, and use the buddy system to keep track of your family and friends. Employees should send and read their emails with confidence as well, and have the ability to secure critical (deep water) emails sent both inside and outside the company. A secure collaboration system that provides anyone-to-anyone secure document sharing can ensure that critical content is protected from harmful attacks.

Confidential Documents are Blood in the Water: Sharks have a very acute sense of smell and detect injured creatures from miles away. They prey on a variety of sea life and their attack can be swift and vicious. Hackers send phishing attacks across an entire organization and when they detect an entry point, they pounce. When employees email confidential documents, the sensitive information can fall prey  to these attacks and cause massive damage. Enterprises can further improve security by encrypting confidential information on disk (at rest), during communication (in transit), and while viewing and editing (in use).

Just Keep Swimming: Some species of sharks have to move constantly to survive. Hackers are constantly growing new teeth in the form of ever more sophisticated attacks, so IT administrators should stay on top of the latest security news and threats.  Applying security updates and evolving enterprise systems will help stay ahead of possible attacks.

Analyze the Depths: A shark’s body is supported by cartilage rather than bones, which helps them swim comfortably at multiple depths of water., Security professionals can get comfortable with the information they track, but hackers are swimming at multiple depths. Look for ways to gather and analyze new types of data to help detect malicious activities. Tracking the movement of and interaction with confidential email and documents is one way to gain insight into behavior across an organization. This and other behavior analytics can alert administrators to suspicious activity when an attack is in progress or before it really begins.

Layers of Personalities: Recent studies have indicated that sharks can have distinct personalities. Good fishermen know this. They ensure their bait and tackle is ready; they know which type of bait will lure different fish or sharks; the understand the strength of their lines and tackle. Enterprises also need to be prepared to protect their employees and information, especially as corporate data is increasingly accessed by remote employees and contractors on mobile devices. It’s virtually impossible for an enterprise to oversee the security and usage of every access point into the enterprise, and breaches can happen when individual files are viewed or shared. Adopting a layered security approach that considers different entry points and scenarios provides broad protection for the organization. While preventing attacks is the best option, be prepared to detect and respond to possible attacks that your prevention systems might miss. If a hacker gains access to critical internal systems, is the organization prepared?  Is data secure and access restricted within the corporate network?

IT professionals navigate a sea of potential threats, and they never know when a shark may be lurking just out of sight. The ideas presented here will help enterprises prepare for the hackers (sharks) that may be swimming in your part of the Internet.

Written by Erik Brown, CTO at GigaTrust