Posts

Service Update: Advanced Threat Protection

Service Update Announcement

Beginning July 1, 2022, Cumulus Global is adding Advanced Threat Protection services to all clients using Microsoft 365 and Google Workspace.

With more than 40% of cyber attacks targeting small businesses and two thirds of attacks using email, Advanced Threat Protection is no longer an option. The stakes are too high. Recovery takes an average of 21 days and 60% of small businesses fail within six months of a successful attack.

To minimize the impact, we are waiving the standard setup fee and discounting the service by 20% for customers with an annual commitment. The fee will be reflected on your annual invoice or monthly invoices, as appropriate.

You may opt out of the Advanced Threat Protection service. To opt out, please notify us by email prior to May 25, 2022. If you elect to opt out, please review the terms of our Service Level Agreement as posted on our website.

Please contact us or schedule time with one of our cloud advisors if you have any questions.

Email Security – Good, Better, and Best

We launched Cumulus Global 15 years ago to provide small and midsize businesses (SMBs) with email security and security solutions. As early adopters, we saw how cloud solutions made enterprise-grade solutions affordable and effective for small businesses. While much has changed over the past decade and a half, we still face email-based threats.

Email Attacks are Easy

According to Verizon’s 2021 Data Breach Report, email remains one of the most common vectors for attacks, and phishing attacks are at the top of the list. Email phishing attacks remain prevalent because they are relatively easy. Cyber attackers are able to stay one step ahead of our defenses, in large part due to the rise in social engineering. With more of our personal information available through social media, attackers can use psychological tactics and personalized messaging to target specific individuals (spear phishing) and business leaders (whaling). In doing so, they garner sensitive information and gain access to systems and data.

Business Email Compromise

Business Email Compromise (BEC) attacks impersonate your email domains or the email addresses of specific users. In most instances, BEC attacks look and feel like legitimate emails from your business. Combined with social engineering tactics and personalized information, they are hard to spot and often successful. Attacks can be “internal,” targeting your employees, or “external,” using your business to defraud your customers and associates.

Email and Domain Impersonation

Email and domain impersonation attacks bypass account-level security, including multi-factor authentication. To prevent these attacks, recipients should only accept email that can be authenticated as coming from your domain.

Protection: Good, Better, Best

Currently, you have three levels of email domain security that can protect your business and your identity: Good, Better, and Best.

Good: SPF Sender Policy Framework

SPF verifies that emails are sent from valid IP addresses, either from your domain or from authorized senders. While most small businesses have an SPF record configured, errors cause individual emails, or emails from marketing and CRM systems, to be flagged as spam by the recipient. Cyber attackers can spoof email addresses to give the appearance of a validated sender.

Better: DKIM DomainKeys Identified Mail

DKIM verifies that emails have been digitally signed by the sending domain, or by services sending email on behalf of the domain. Proper configuration is technical and involves cryptographic key management; errors can lead to fake messages with valid DKIM signatures. Cyber attackers can remove the DKIM signature using sophisticated relay attacks.

Best: DMARC Domain-based Message Authentication, Reporting, and Conformance

DMARC authenticates email origin by aligning identifiers from SPF and DKIM, and instructs recipients to deliver, quarantine, or reject failed emails by policy. DKIM helps improve email deliverability. DMARC is the best protection against email and domain impersonation attacks, whether they target your employees, vendors, or customers. Reporting enables you to see email sources and manage your policies.
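The alignment and policy step described above, as an added example (not Cumulus Global's or any vendor's code): a simplified DMARC evaluation in Python. The function names, the sample record, and the example.com, crm.example and attacker.example domains are constructed, and the organizational domain is approximated as the last two DNS labels rather than looked up in the Public Suffix List.

```python
# Added example: simplified DMARC check (alignment + policy), not vendor code.
# Assumption: organizational domain = last two DNS labels; real receivers
# use the Public Suffix List.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match); anything else = relaxed."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def evaluate(record, from_domain, spf_pass, mail_from, dkim_pass, dkim_d):
    """Return 'deliver', 'quarantine' or 'reject' for one message."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(mail_from, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"
    policy = tags.get("p", "none").lower()
    return policy if policy in ("quarantine", "reject") else "deliver"

# Constructed sample record and messages.
RECORD = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:reports@example.com"

def demo():
    return {
        # CRM platform: SPF passes for its own bounce domain, DKIM signs as you.
        "crm": evaluate(RECORD, "example.com", True, "bounce.crm.example", True, "example.com"),
        # Spoof: SPF passes for the sender's own domain, From: shows yours.
        "spoof": evaluate(RECORD, "example.com", True, "attacker.example", False, ""),
        # Strict DKIM alignment rejects a subdomain signature.
        "strict": evaluate(RECORD.replace("adkim=r", "adkim=s"), "example.com",
                           False, "", True, "mail.example.com"),
    }

if __name__ == "__main__":
    print(demo())
```

The "spoof" case shows why an SPF pass on its own is not enough: the check passed for the envelope domain, but that domain does not align with the visible From: domain, so the reject policy applies.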

Call to Action

While you set up SPF and DKIM with DNS record entries, DMARC is best implemented as a service. Doing so provides you access to settings, reports, and analysis tools. For most small and midsize businesses, the level of protection DMARC provides is worth the minimal cost.

You can learn more with our eBook: Email Security: Good, Better, Best.

To discuss your email security configuration, make an appointment with one of our Cloud Advisors, send us an email, or fill out our contact form.

EFail Flaw: Encryption Alone Does Not Protect Your Email

As reported last week by eWeek and others, researchers found two flaws that allow hackers with access to email accounts to read emails encrypted with OpenPGP and S/MIME. This is significant for two reasons:

  1. These standards are available for use in almost every email client
  2. Budget-conscious users often rely on public-domain or free tools to use OpenPGP or S/MIME for email encryption

As noted in the eWeek article, 23 of 35 email clients tested as of the publication date were vulnerable. While the actual risk from EFail is currently moderately low (hackers need access to the encrypted emails before they can exploit EFail), the rate of identity compromise is on the rise. Secondary threats, such as EFail, will become a more prominent form of attack in the future.

Free Encryption Solutions Often Lack Sufficient Protection

Robust email security and encryption services include features, such as validation of digital signatures, that ensure the integrity of encrypted email messages.

Furthermore, solutions like ZixEncrypt control both ends of the encryption process, so any messages (with or without S/MIME encrypted attachments) with an invalid or missing digital signature get bounced. Integrity checks prevent the delivery of compromised messages, thereby preventing exposure.

As you face an increasing need to secure email communications, the robust features in services like ZixEncrypt create a value proposition most businesses cannot and should not ignore.


Contact us for more information about email security, encryption, and compliance.


 

library

Email Security: Good, Better, Best

eBook | Source: Cumulus Global

While much has changed over the past decade and a half, we still face email-based threats.

Why? Email Attacks are Easy.

Cyber attackers are able to stay one step ahead of our defenses, in large part due to the rise in social engineering. With phishing attacks and compromised identities, email impersonation and domain impersonation attacks can bypass traditional account security measures, including passwords and multi-factor authentication.

This eBook

  1. Provides an overview of the challenges
  2. Identifies three levels of email security protection: SPF, DKIM, and DMARC
  3. Discusses the value proposition for robust email security and protection


Webcasts

Email Security and Reliability

3T@3 Webcast Series: Tuesday, August 17th at 3:00 PM ET

Cyber attacks are up more than 400% over the past 18 months. More than two-thirds of all attacks begin with email. Most organizations have Sender Policy Framework (SPF) records to identify authorized IP addresses; some use DomainKeys Identified Mail (DKIM) to validate email integrity. Very few use Domain Authentication Reporting & Conformance (DMARC) to prevent inbound attacks and ensure your email is trusted and delivered.

DMARC prevents business email compromises, spoofing, and phishing attacks. In addition to protecting you from inbound attacks, DMARC protects your domain’s reputation and helps ensure reliable email deliverability.

In this month’s 3T@3 Webcast, we explore the tenets of email security and discuss how adding DMARC to your security profile protects your business. Our CEO, Allen Falcon, will be joined by Brian Westnedge of Red Sift. The team will present onDMARC as a DMARC-as-a-Service solution. More than half of all companies fail to complete their DMARC implementation projects. onDMARC ensures a successful deployment and ongoing management of your email integrity.

Please join Allen and Brian to learn about risk, reputation, and reliability for your email communications.

View the Recording On-Demand:



Data Protection & Security

Email Security and Compliance

3T@3 Webcast Series: Tuesday, July 20th at 3:00 PM

79% of cyber attacks involve compromised identities; more than 80% of these start with an email.  Email security and compliance is not an option; basic protections are no longer enough. Beyond blocking spam, ransomware, and malware, you need to protect your business from phishing, business email compromise, and identity spoofing and theft.

Tiered email security protects against inbound threats, outbound risks, and identity misuse and theft.

In this month’s 3T@3 Webcast, we give an updated look at email security and compliance. Summarizing risks and trends, we dive into a tiered approach to ensuring your business, data, employees, and reputation are protected.  We also discuss emerging compliance requirements and steps you can take to ensure you operate within regulatory, industry, and policy expectations.

Please join Cumulus Global CEO Allen Falcon for this essential webcast.

View the recording on-demand.


Data Protection & Security