The steps you must take to keep malware right outside your organisation

Can anyone now imagine an enterprise that doesn't need email to send important documents simply and easily between employees, managers, HR, finance, sales, legal, customers and the supply chain?

It is hardly possible to contemplate conducting day-to-day business without email. Unfortunately, organisations often have a poor understanding of how routinely everyday files such as Word documents, Excel spreadsheets and PDFs are used to deliver malware. This lack of awareness makes it too easy for cyber-criminals to target a specific employee with a spoofed or phishing email, tricking them into opening an infected attachment that appears to be legitimate.

This state of affairs has to change, and it is up to organisations, meaning their security teams and employees, to adopt appropriate security strategies and best practices to prevent an attack that damages the entire company.

Here are some steps that your organisation can take to thwart these threats and keep sensitive data protected from malicious actors.

·     Analyse all the risk factors, especially in attached email documents

Creating a big-picture view of email security and risk posture is a critical first step towards understanding potential threats and implementing effective policies to mitigate risk and thwart attack.

Make sure your organisation evaluates all the possible avenues of attack and decides which functions should be retained or dropped in order to operate safely. With email, many people fail to understand that exchanging documents involves risk: about 98 per cent of files do not conform to the original design of their document format. Your organisation needs to determine whether an aberration in a file is due to an attack or to a document that is simply poorly written or configured. A comprehensive understanding is required of the documents travelling through your network, the types of files and structural problems present, and which incoming functional elements could put you at risk.

·     Don't depend on old border-security technologies to protect you

Once you understand the risks, you must apply appropriate security solutions. Most organisations have all the standard border controls, including a firewall, anti-spam, anti-virus and even a sandbox, yet they are still bypassed by targeted attacks. We now know that anti-virus and other signature-based border-security solutions will not stop well-crafted, narrowly targeted attacks.

It is important to assume that these traditional signature-based solutions, and even relatively new sandbox technology, will still leave gaping holes in your security architecture, letting socially engineered, malicious documents through to the user. All the while, attacks conducted via malicious email attachments have become increasingly sophisticated, luring users with phishing campaigns that appear completely legitimate. Remember, it only takes one user opening one malicious attachment for your company to face disaster, so you need a “new baseline” for security, founded on innovation that does not rely on the old border-security technology.

·     Shift your approach entirely and look for the good

Arming yourself against gaps in email security requires a conceptual and technological shift: instead of hunting for the bad, look for and validate the “known good”. The reason? Cyber-criminals are constantly updating their tactics, so a list of known-bad patterns is always one step behind, whereas the specification of a file format changes slowly. Validating a file's legitimacy against its “known good” provides a high benchmark and an accurate point of comparison. This means being able to validate documents against the manufacturers' specifications and regenerate only the “known good” parts of each file. The result is a clean, benign file in its original format, which can be sent on and passed along without any interruption to business. In short, it is about asserting control and bringing security to the file level, which is where you need it most. Retain the initiative by using deep file-inspection, remediation and sanitisation tools to eliminate malicious documents before they enter your organisation's systems.

·     Restrict BYOD with tighter policies around document transmission

Allowing employees to use their own devices offers many benefits – not the least of which is being able to work from anywhere and conduct both personal and business activities, including document transmission, using the same tablet, smartphone or laptop.

Yet conducting business functions from a personal device often undermines the control your organisation has over the sites and apps employees use, potentially exposing corporate data to information-stealing malware. Malicious code can easily be delivered to mobile devices, and what's worse, many of these devices are not equipped with security solutions aimed at detecting infected documents. Malware from an infected document opened on a mobile device that connects to the corporate network therefore has a path to sensitive information on that network. While the ability to send attachments via mobile devices might be a requirement for some, it is best to determine for whom this function is an absolute necessity, and then restrict everyone else to employee workstations.

·     Slash risk by making sure everyone uses only what they need

Ultimately, organisations need to reduce the risk of a single employee opening up the whole organisation to a malware attack. Among other things, that means carefully determining the file types and functional items that employees actually need to do their jobs.

There needs to be a thorough and careful assessment of all the variables, including the threats employees are exposed to when receiving specific attachments, followed by a decision about the functions the business requires to operate productively. Which of your departments actually need audio, video, macros, JavaScript or embedded links in the documents they receive? If certain departments, groups or individuals don't require these functions, reduce your risk by setting appropriate restrictions. Policies that stop users from exposing the company to threats while maintaining business continuity take the most risk off the table.
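The regeneration approach described under “look for the good” and the per-group restriction on macros and embedded links described in this point can be illustrated together with a small Word-document sanitiser. This is an added example, not Glasswall's product code or any claim about how its engine works: it treats a .docx as the zip package it is, rebuilds it from an allow-list of part names, drops the VBA project and OLE embeddings because they never appear on that list, strips external hyperlink relationships unless the policy for that group allows them, and rejects the file outright if a required XML part will not parse, rather than passing it through. The allow-list, the constructed sample document and its placeholder binary parts are assumptions for the demo; real validation against the ECMA-376 specification is far more involved.

```python
import io, posixpath, re, zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
CT_NS = "http://schemas.openxmlformats.org/package/2006/content-types"
DOCX_MAIN = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"
# Parts a plain .docx needs (assumed simplification of the OOXML layout). Macros
# (word/vbaProject.bin), OLE embeddings, ActiveX and escaping paths never match.
ALLOWED_PARTS = [r"\[Content_Types\]\.xml", r"_rels/\.rels", r"docProps/(core|app)\.xml",
                 r"word/(document|styles|settings|fontTable|numbering)\.xml",
                 r"word/_rels/document\.xml\.rels", r"word/media/[\w-]+\.(png|jpe?g|gif)"]

def _resolve(rels_name, target):
    # word/_rels/document.xml.rels describes word/document.xml: targets are relative to word/
    base = posixpath.dirname(rels_name.replace("_rels/", "", 1))
    return posixpath.normpath(posixpath.join(base, target)).lstrip("/")

def _clean_rels(rels_name, xml_bytes, kept, allow_external_links):
    """Drop external targets (hyperlinks, remote templates) unless policy allows
    them, plus any relationship whose target part was not regenerated."""
    ET.register_namespace("", REL_NS)
    root, removed = ET.fromstring(xml_bytes), []
    for rel in list(root):
        target = rel.get("Target", "")
        keep = (allow_external_links if rel.get("TargetMode") == "External"
                else _resolve(rels_name, target) in kept)
        if not keep:
            removed.append(f"{rels_name}: {rel.get('Type', '').rsplit('/', 1)[-1]} -> {target}")
            root.remove(rel)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True), removed

def _clean_content_types(xml_bytes, kept):
    """Drop <Override> entries for removed parts; reset a macro-enabled main part."""
    ET.register_namespace("", CT_NS)
    root = ET.fromstring(xml_bytes)
    for el in list(root):
        name = el.get("PartName", "").lstrip("/")  # <Default> entries have no PartName
        if el.get("PartName") and name not in kept:
            root.remove(el)
        elif name == "word/document.xml":
            el.set("ContentType", DOCX_MAIN)
    return ET.tostring(root, encoding="UTF-8", xml_declaration=True)

def sanitise_docx(data, allow_external_links=False):
    """Return (clean_docx_bytes, report); malformed XML raises ValueError (reject)."""
    src = zipfile.ZipFile(io.BytesIO(data))
    kept = {n for n in src.namelist() if any(re.fullmatch(p, n) for p in ALLOWED_PARTS)}
    report = [f"dropped part {n}" for n in src.namelist() if n not in kept]
    with zipfile.ZipFile((out_buf := io.BytesIO()), "w", zipfile.ZIP_DEFLATED) as out:
        for name in sorted(kept):  # [Content_Types].xml sorts first
            body = src.read(name)
            if name.endswith(".rels"):
                body, gone = _clean_rels(name, body, kept, allow_external_links)
                report += [f"dropped relationship {r}" for r in gone]
            elif name == "[Content_Types].xml":
                body = _clean_content_types(body, kept)
            elif name.endswith(".xml"):
                try:
                    ET.fromstring(body)  # must at least be well-formed XML
                except ET.ParseError as e:
                    raise ValueError(f"malformed part {name}: {e}") from None
            out.writestr(name, body)
    return out_buf.getvalue(), report

def read_part(data, name):
    """Text of one package part, or None if the part is absent."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return z.read(name).decode() if name in z.namelist() else None

def build_sample(broken=False):
    """Constructed input: a macro-enabled document with a VBA project, an OLE
    embedding and an external link. The .bin bodies are placeholders."""
    rt = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
    rel = lambda i, typ, tgt, mode="": f'<Relationship Id="rId{i}" Type="{typ}" Target="{tgt}"{mode}/>'
    parts = {
        "[Content_Types].xml": f'<Types xmlns="{CT_NS}"><Default Extension="rels" ContentType='
            '"application/vnd.openxmlformats-package.relationships+xml"/><Override PartName='
            '"/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/>'
            '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/></Types>',
        "_rels/.rels": f'<Relationships xmlns="{REL_NS}">'
            + rel(1, f"{rt}/officeDocument", "word/document.xml") + "</Relationships>",
        "word/document.xml": '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml'
            '/2006/main"><w:body><w:p><w:r><w:t>Invoice attached</w:t></w:r></w:p></w:body></w:document>',
        "word/_rels/document.xml.rels": f'<Relationships xmlns="{REL_NS}">'
            + rel(1, "http://schemas.microsoft.com/office/2006/relationships/vbaProject", "vbaProject.bin")
            + rel(2, f"{rt}/hyperlink", "http://example.invalid/pay", ' TargetMode="External"')
            + rel(3, f"{rt}/oleObject", "embeddings/oleObject1.bin") + "</Relationships>",
        "word/vbaProject.bin": "PLACEHOLDER-VBA", "word/embeddings/oleObject1.bin": "PLACEHOLDER-OLE",
    }
    if broken:  # unbound prefix and unclosed element: cannot be regenerated
        parts["word/document.xml"] = "<w:document><w:body>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    clean, report = sanitise_docx(build_sample())
    print("\n".join(report), read_part(clean, "word/_rels/document.xml.rels"), sep="\n")
```

The policy decision from this point maps onto the one parameter: call `sanitise_docx(data, allow_external_links=True)` only for the groups that genuinely need live links in their documents, and leave the default for everyone else. Macros and embedded objects are never on the allow-list, so a macro-enabled .docm comes back as a plain .docx and the report records exactly what was removed. The limitation a practitioner should keep in mind is that this demo trusts the parts it keeps after a well-formedness check only; a production sanitiser also validates the content of `word/document.xml` itself (field codes, embedded media, attribute values) against the specification rather than merely parsing it.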

It is difficult to achieve 100 per cent employee compliance with any set of security procedures, but if your organisation follows these tips and uses technology to ensure that only the “known good” is admitted to its systems, you will greatly increase your level of protection.

Contributed by Sam Hutton, CTO at Glasswall Solutions

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.