Open Forum

Email security is a critical concern for businesses and individuals alike. With the rise of cyber threats, it's essential to understand how to protect your emails from being spoofed or used for phishing attacks. Here's a simplified guide to email security and some recommendations to get started:

• Email Authentication Standards: Technologies like DMARC, SPF, and DKIM verify that emails are sent from authorized servers. Think of them as digital signatures that help prevent email fraud.
• Setting Up SPF: SPF records list authorized mail servers for a domain1. It's like a guest list for a party, ensuring only invited servers can send emails on your domain's behalf.
• Implementing DKIM: DKIM adds an extra layer of verification, ensuring that emails are not only from authorized servers but also haven't been tampered with in transit.
• Adopting DMARC: DMARC policies tell receiving servers how to handle emails that fail authentication checks. It's like giving instructions on what to do if an uninvited guest shows up.

Recommendations for Beginners:

1. Start Simple: If you're a small business using services like Google Workspace or Microsoft 365, setting up these email security measures is straightforward.
2. Seek Expert Help: For more complex setups, consider consulting with a service provider to avoid misconfigurations that could block legitimate emails.
3. Regular Oversight: Review your email security settings regularly and update them as needed to maintain protection against evolving threats.
4. Educate Your Team: Make sure your team understands the importance of email security and knows how to recognize suspicious emails.

By taking these steps, you can significantly reduce the risk of email-related cyber threats and safeguard your communications. Remember, email security is an ongoing process, not a one-time setup. Stay vigilant and keep your defenses up to date.

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------

This is a great guide, Genady! I'd also suggest adding 2FA (two-factor authentication) as a security measure to safeguard vulnerable information and minimize the risks associated with compromised passwords.

------------------------------
Anton Tonev
Co-Founder
Rexera
------------------------------

Genady and Anton are spot on with their advice.  

Inadequate controls over email is the common theme in most business email compromise incidents that we see with our customers.  The simple - albeit powerful - controls outlined by Genady and Anton would prevent almost all of the situations that are incredibly devastating for customers and citizens involved in real estate transactions.  It breaks my heart to see hard working people and citizens get scammed by unscrupulous criminals. 

New York sets the most stringent cybersecurity compliance bar in our industry; a bar that many other states also tend to adopt. Last fall New York drew a line in the sand with a new requirement (NYDFS 500.12) that mandates multifactor authentication.  This requirement has an 11/1/2025 effective date. However, from a risk perspective, every organization should pursue that goal much sooner, and particularly for email.   

Our industry is putting lot of focus on spotting wires that are potentially high risk, which is very good.  However, the crux of the problem is that fraudsters are inserting themselves in email-based transactions by compromising poorly secured email systems.  They sit and wait until the time is right, and then they pounce.  It makes me both sad and angry to see this happen over and over with horrific life-changing consequences for innocent people.

I really liked this post.  Thank you for taking the time to share this super important advice, Genady and Anton.  

Chris

  

 

 

------------------------------
Christopher Buse
CISO
Old Republic National Title Insurance Company
Minnetonka MN
+1 (612) 371-1132
------------------------------

Original Message:
Sent: 05-23-2024 09:44
From: Anton Tonev
Subject: Security BUZZ - Understanding Email Security: A Guide for Everyone

This is a great guide, Genady! I'd also suggest adding 2FA (two-factor authentication) as a security measure to safeguard vulnerable information and minimize the risks associated with compromised passwords.

------------------------------
Anton Tonev
Co-Founder
Rexera
------------------------------

Thank you for sharing! So important to constantly be talking about!

------------------------------
Sonya Rarey
President
Birchway Title Agency, LLC
Independence OH
+1 (614) 581-3800
------------------------------

Original Message:
Sent: 05-17-2024 09:13
From: Genady Vishnevetsky
Subject: Security BUZZ - Understanding Email Security: A Guide for Everyone

Email security is a critical concern for businesses and individuals alike. With the rise of cyber threats, it's essential to understand how to protect your emails from being spoofed or used for phishing attacks. Here's a simplified guide to email security and some recommendations to get started:

• Email Authentication Standards: Technologies like DMARC, SPF, and DKIM verify that emails are sent from authorized servers. Think of them as digital signatures that help prevent email fraud.
• Setting Up SPF: SPF records list authorized mail servers for a domain1. It's like a guest list for a party, ensuring only invited servers can send emails on your domain's behalf.
• Implementing DKIM: DKIM adds an extra layer of verification, ensuring that emails are not only from authorized servers but also haven't been tampered with in transit.
• Adopting DMARC: DMARC policies tell receiving servers how to handle emails that fail authentication checks. It's like giving instructions on what to do if an uninvited guest shows up.

Recommendations for Beginners:

1. Start Simple: If you're a small business using services like Google Workspace or Microsoft 365, setting up these email security measures is straightforward.
2. Seek Expert Help: For more complex setups, consider consulting with a service provider to avoid misconfigurations that could block legitimate emails.
3. Regular Oversight: Review your email security settings regularly and update them as needed to maintain protection against evolving threats.
4. Educate Your Team: Make sure your team understands the importance of email security and knows how to recognize suspicious emails.

By taking these steps, you can significantly reduce the risk of email-related cyber threats and safeguard your communications. Remember, email security is an ongoing process, not a one-time setup. Stay vigilant and keep your defenses up to date.

#ALTACyber

------------------------------
Genady Vishnevetsky
Chief Info Security Officer
Stewart Title Guaranty Company
Houston TX
------------------------------