Mimecast’s Integrated Security And Email Continuity|
Organisations rely on email for daily business communication. While most are protecting against low-level threats, more sophisticated email-based attacks that can compromise end-users and entire corporate networks, are on the rise.
Whether using a cloud provider or an on-site server, the risks associated with email are the same. Email defences should secure an organisation and its employees against attacks while allowing work to continue despite server downtime.
Mimecast enables organisations to manage the risks of email with both security and cyber resiliency. It offers targeted threat protection and continuity in a single, integrated service.
Email phishing is one of the most popular cyber-attack vectors. It’s a technique commonly employed to coerce a user into visiting a site that contains malicious content or into providing information. Phishing emails of this kind are usually distributed to multiple users to maximise the possible number of victims and the potential reward. Both users and automated spam detection solutions usually easily identify this type of phishing. Yet, despite this, it still proves to be effective.
Spear phishing, however, employs a targeted approach. It uses information gathered about a specific target to produce a seemingly legitimate message that is enticing enough to be opened. These types of attack can be difficult for users to identify and can lead to damaging consequences, such as substantial network compromise.
In the case of whaling, hackers use social engineering to trick users into divulging sensitive information or even into making money transfers. A carefully written email, sent at the right time, from one executive to another, for example, may be just enough to coerce payment or the divulgence of sensitive company information.
There’s no malware or dubious web link attached, just a brief, text-only email. Personalisation and detailed knowledge are the hallmarks of this type of fraud. A whaling attack will often use a domain name that looks very much like a trusted one, yet with subtle and almost imperceptible changes.
For this reason, Mimecast extends traditional gateway security that defends against malicious links and weaponised attachments to cover the greater sophistication of whaling attacks.
Mimecast employs real-time scanning to block suspect websites and sandbox suspicious attachments, thus preventing employees from inadvertently downloading malware or revealing credentials. Spoofed emails requesting financial transactions or sensitive information such as employee tax documents are also blocked.
User awareness improves frontline security. It’s important to engage employees in assessing risks. Actions, such as reporting suspicious emails, will reinforce company security policies. Mimecast incorporates Data Loss Prevention (DLP) strategies to ensure users do not send sensitive information outside the corporate network. DLP software products monitor outbound email traffic in real-time to protect confidential and critical information so that unauthorised end users cannot accidentally share data, the disclosure of which could put the organisation at risk.
In the event of a network compromise, disaster recovery can be complex. Planning how to respond to such an event and scheduling maintenance can be difficult. System downtime not only impacts negatively on customer service and productivity but may also incur a potential loss of revenue. If an outage does occur, consistent communication and fast service restoration are essential. For some companies, it may seem that the only way to avoid system downtime is by investing in duplicate systems. Mimecast, however, offers integrated services to ensure email continues to flow during server outages. Employees are able to continue accessing email as usual and are often unaware that a problem has even occurred.
Mimecast steps in to deliver email to end users during planned and unplanned outages of email service. Managed from a single web console, administrators remain in control during a downtime event while maintaining all inbound and outbound security policies. Mimecast gives users uninterrupted access to live and historical email as well as calendar and contacts, to ensure employees keep working during downtime events. Web and mobile applications mean downtime doesn’t impact employees even when working remotely. With no on-site equipment to maintain and a single provider of support, Mimecast instantly reduces the administrative burden.
True cyber resilience is a broad approach that encompasses cyber security and business continuity management. It aims to not only defend against potential attacks but also to ensure an organisation’s survival following an attack. Security breaches will occur. Organisations should anticipate being targeted and work to mitigate the risk posed when an attack is successful. Expecting a breach and being prepared to handle it is part of a mature cyber resilience strategy.Share this article