Email is at the heart of so many businesses, yet it is one of the most flawed methods of communication, with over 50% of all email traffic being unwanted spam. Email security solutions can be bypassed via legitimate services, but you can still identify the outliers that make it through.
Main points covered:
• Why are we in such a mess with email?
• How criminals can bypass email security
• How email security also needs web security
• Habits to increase your email security
Presenter:
Nick Ioannou is an IT professional, blogger, author and public speaker on cloud and security issues, with over 20 years’ corporate experience, including 15 years using cloud/hosted software as a service (SaaS) systems. As an early adopter of cloud systems, including BPOS, the first iteration of Office 365, he has been paying for the privilege of bug testing them ever since. Security bugs that aren’t fixed end up becoming magazine articles in an attempt to get the vendor to take notice.
He started blogging in 2012 on free IT resources (http://nick-ioannou.com), currently with 450+ posts. He is the author of 'Internet Security Fundamentals' and 'A Practical Guide to Cyber Security for Small Businesses', as well as a contributing author to three 'Managing Cybersecurity Risk' books and 'Conquer The Web' by Legend Business Books.
Date: April 24th, 2019
Recorded webinar: https://youtu.be/rIXDqEm_tfQ
7. Types of email
Columns: Email System, Email Sender, Email Reason, Email Payload
• Genuine: Compromised Credentials, Genuine User; Legitimate Reason; URL Link, Attachment
• Bogus: Spoof, Display Name Deception, Lookalike Domain; Extortion, Fraud, Theft, Unauthorized Use of Assets, Disruption; Malicious Attachment, Malicious URL Link, Attachment with Malicious URL Link
28. The criminals' perfect storm
• Compromised email account of someone you trust
• With a link to a genuine file service
• That leads to a password protected file or phishing attempt
35. Are you buying this?
When you really need these!
Spend your security budget wisely
36. Conclusion – what does it all cost
● Antivirus & Patch Management £30
● Email Filtering + 10-year archive £33
● Web Filtering £35
● Admin Privilege £22
● Access Control £30
£150 per year per person, or
£12.50 per month, or
£2.90 a week
37. My cyber defences cost £25 per person per month
Diagram labels: EMAIL, INTERNET, EMAIL LINK, ATTACHMENT, USERS COMPUTER, SERVER
• Sophos Intercept X
• Exchange Server Rules
• 2 step verification logins
38. No budget to speak of
• learninfosec.co.uk
• eset.com/us/cybertraining
• takefive-stopfraud.org.uk
• hiscoxcyberclearacademy.com
TECHNOLOGY: The systems in place to protect you
PEOPLE: Employee awareness of what to do or not to do
PROCESSES: The guidelines and instructions in place to protect you
39. ISO/IEC 27032 Training Courses
• ISO/IEC 27032 Introduction: 1 Day Course
• ISO/IEC 27032 Foundation: 2 Days Course
• ISO/IEC 27032 Lead Cybersecurity Manager: 5 Days Course
Exam and certification fees are included in the training price.
www.pecb.com/en/education-and-certification-for-individuals/iso-iec-27032
www.pecb.com/events