
London Business Matters

BUSINESS CRIME & SECURITY

devastating. For many small businesses these types of losses can mean the end of business.

One of the most common, prolific threats is phishing. Phishing is a social engineering attack in which a fraudulent email message is sent that appears to come from a legitimate organisation or user. The goal of this attack is either to steal personally identifiable information (i.e. usernames, passwords, bank or credit card information), to commit fraud (false wire transfer requests) or to infect systems with malware, such as ransomware or a keylogger.

Everyone with an email address has seen a phishing email – they appear to come from a trusted source such as your bank and use urgency and fear to get you to give up credentials. In days gone by they were relatively easy to identify due to gross spelling errors and bad grammar, but in recent years they have become much more sophisticated and more difficult to spot. Everyone, and every business, is at risk of being phished.

According to the 2016 Verizon Data Breach Investigations Report (www.verizonenterprise.com/resources/reports/rp_DBIR_2016_Report_en_xg.pdf), phishing continues to be one of the primary ways in which organisations are breached.

The criminals behind phishing have become cunning. It can now be difficult for users to determine the legitimacy of email messages. Gone are the misspellings and poor grammar. Spammers now do an impeccable job of recreating legitimate-looking and legitimate-sounding messages. Everything from the graphics and the email address to the relationship between the apparent sender and the intended recipient is recreated to appear genuine.

The damage from phishing can be twofold. First, there is the damage to the victims – those who fall prey to the fraudulent email. Second, the brands being used to commit the fraud are also damaged: trust in the brand being spoofed is diminished.

All this raises the question: what can be done? One answer: DMARC.

What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email authentication protocol that protects brands against spoofing and also protects the inbox against receiving fraudulent email. Depending on how the policies are set, spam and phishing messages will be quarantined or deleted before ever reaching their destination. It is free. Any organisation can set it up and use it to protect their brand and email against phishing.

DMARC provides brand protection against spoofed emails, which can lead to increased customer confidence and trust. Inboxes are protected against receiving fraudulent and potentially dangerous email. In addition to protection, DMARC provides a reporting mechanism that allows organisations to review both legitimate and questionable email, the latter being messages that originate from an unauthorised source. All of this and it is free. No license or fee is required to use DMARC.

Many trusted organisations are already using DMARC. By joining the ensemble of organisations already deploying DMARC, you are opting in to a higher level of protection for your business by protecting both your brand and your business against harmful email.

To enable DMARC you must go through a process to implement the appropriate policies. Many large organisations use solution providers to manage this process and collect the reports. We applaud and support these efforts – use of DMARC protects brands and inboxes, and the more organisations that use it, the better the entire eco-system will be.

Global Cyber Alliance recognises that some of the barriers to DMARC implementation are that use of a solution provider isn’t a financially viable option for many small to medium-sized businesses and that it can be confusing to set it up on your own. We have strived to make the process easy by developing a tool that any business, government or organisation can use to implement the process. Along with the DMARC tool, more information is available to learn how DMARC can protect your business.
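The way a domain's published policy decides whether failing mail is only monitored, quarantined or rejected can be checked from the text of its DMARC DNS record. The audit below is an added example, not part of the original article or of the Global Cyber Alliance tool; the tag names (v, p, sp, pct, rua) come from the DMARC specification (RFC 7489), and the records and the example.com addresses are constructed sample data.

```python
# Added example: audits the text of a DMARC TXT record (tag names per RFC 7489).
# All records and addresses below are constructed sample data.

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict; raise ValueError if malformed."""
    tags = {}
    for i, part in enumerate(p.strip() for p in record.split(";")):
        if not part:
            continue  # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part!r}")
        name, value = name.strip().lower(), value.strip()
        if i == 0 and (name, value) != ("v", "DMARC1"):
            raise ValueError("record must begin with v=DMARC1")
        tags.setdefault(name, value)  # first occurrence of a tag wins
    if tags.get("v") != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if tags.get("p", "").lower() not in VALID_POLICIES:
        raise ValueError("missing or invalid p= policy")
    return tags


def audit_dmarc(record: str) -> dict:
    """Return the effective policy and a list of weaknesses a defender should fix."""
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    sub_policy = tags.get("sp", policy).lower()  # subdomains inherit p= by default
    pct = int(tags.get("pct", "100"))            # share of failing mail the policy covers
    findings = []
    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none leaves subdomains unprotected")
    if pct < 100:
        findings.append(f"pct={pct} applies the policy to only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address, so no aggregate reports are received")
    return {"policy": policy, "subdomain_policy": sub_policy, "pct": pct,
            "enforcing": policy != "none" and pct == 100, "findings": findings}


SAMPLES = {  # constructed records for the placeholder domain example.com
    "monitor-only": "v=DMARC1; p=none",
    "partial": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@example.com",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com;",
}
```

A record that starts at p=none with a rua= address is the usual first step, since the reports show which legitimate senders would fail before the policy is tightened to quarantine or reject.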
Visit www.globalcyberalliance.org to set up DMARC for your organisation today.

All are welcome to join forces in our mission to mitigate and eradicate cybercrime. Visit www.globalcyberalliance.org to learn more.

