We are getting a lot of questions about quarantine summaries that you are now getting in your inbox. The most common questions are; “Why am I getting these?” and “Why can’t my spam email just go to the Junk box like it used to?” So, let’s take a few minutes to answer these questions and give you a bit more information. This is a good resource for educating everyone in the office on how to manage their inbox!
The Bad Guys
Email attacks are on the rise and have been for some time. Cybercriminals are constantly looking for ways to breach your inbox to get a chance at scamming you. They show no mercy and they have no limits as to who they will target. The more vulnerable you are, the better, as far as they are concerned.
148% Spike in Ransomware Attacks in March 2020
VMware
The Covid-19 pandemic has been a feast for cybercriminals! But why is that? Well, the short answer is that people have changed how they are accessing their data. The lockdown put many of us in home offices and forced us to hastily adapt to remote work. As you can imagine this has put many at risk, as the bad guys are out there looking for holes in your security. Many businesses were caught unaware of the vulnerabilities that occur when you have users working from remote locations. Those home computers are problem they are hoping to exploit.
Why Is Email Vulnerable?
Nearly half of data breaches are due to human error. Often, inadvertent insiders will fall for a phishing or other scam using email.
94% of Malware is Delivered Via Email
Verizon’s 2019 DBIR Report
Email wasn’t originally intended to be the tool that it has evolved into. It was originally meant to be on a very small scale. So, when the originators wrote the code on email, they weren’t thinking of security, they were thinking of accessibility and convenience.
Basically, Email is vulnerable because people are curious and want to click on things out of curiosity, a sense of emergency, or negligence.
You are the first line of defense in a cyber-crime attack!
Harbor’s Response
IT insurance companies are getting more involved with our processes due to the high number of ransomware events. Thankfully, our clients have been safe, but across the business community in general is where you’re seeing these events. Because of this, we are now requiring clients to sign a waiver should they insist on not following our recommendation for things that are not considered best practice.
The reason we made the change from sending some bad mail into the junk folder and just rejecting others is two-fold. Some regulations require all mail be delivered so we are now delivering that mail into the quarantine if it has been identified as suspect. The reason that we chose quarantine is that it makes it more difficult for you to make a bad decision and open an email that could encrypt your files, send you to a spoofed account page where you end up giving the bad guys your credit card or username and password or that might lead you into a scam.
False Positives
The other thing that happened is that email rules changed. You now have to have a much more complex email setup in order to have your email identified as spam or phish. We have our clients set up but many other businesses don’t have good quality IT and we’re seeing a lot their email end up getting caught and ended up on the quarantine.
Going Forward
- Training: We have adjusted the settings to create as few false positives as possible but from that point, we recommend some individual training. We can do a quick training session with you either in person or via Teams, just give us a call or ask you tech! In this short training we’ll teach everyone the difference between spam, sure spam, phish and spoof categories of mail in thier quarantine and how to add someone to the allow list.
- Add Recipients to the Allowed List: We can add specific email addresses or full domains to the allow list that you want to make sure are delivered to help account for those that haven’t updated their email settings yet. Ask your Tech to help you fine-tune your “Allow List” to reduce the number of false positives for everyone at once.
What we don’t recommend is that you have all of the bad mail delivered to your computer. That is not best practice and it makes you very vulnerable to making a mistake. It a process but this is one of those tech changes that take some time to settle in. As we work through it with you it’ll get better and better.
The world of technology is moving at a fast pace and keeping up can be daunting. Change is inevitable. We cannot avoid it. When security is concerned, it is not something that we can drag our feet on. Harbor Computer Services will always strive to keep your data as secure as possible and at a reasonable cost!
About Harbor Computer Services
Harbor Computer Services is an IT firm servicing Southeastern Michigan. We work exclusively under contract with our clients to provide technology direction and either become the IT department or provide assistance to the internal IT they already have. We have won many awards for our work over the years, including the worldwide Microsoft Partner of the Year in 2010. Most recently we were recognized as one of the top MSP’s in the nation by ChannelFutures coming in at #40 nationwide. And in 2016 as the top Michigan IT firm for Manufacturing. There are a few simple things that make Harbor Computer Services the best choice for your business. •We are Professionals •We are Responsible •We care about your business
