For years, corporations addressed their various email security needs through a mixture of third-party software “solutions” designed to address specific areas of vulnerability. Today, however, this approach is ineffective. New amorphous threats adapt to even latest security technology, helping hackers and spammers stay a step ahead of most stand-alone protective measures. System administrators remain in a reactionary mode, waiting for next attack and hoping their mixed bag of security software is up to test. The new challenges posed to email security demand a new approach that protects enterprises from all types of malicious attacks. Enter CipherTrust’s IronMail.

IronMail and Sarbanes-Oxley

CipherTrust’s IronMail has been created to protect organizations from both known and unknown email security attacks. IronMail offers automatic or manual updates to protect against both known and newly discovered email security threats and vulnerabilities, and comprehensive messaging security provided by IronMail assists organizations in key areas of maintaining effective internal controls. Specific financial information threats and vulnerabilities protected by IronMail include:

• Viruses, worms, and other malicious code
• Internal users and external hackers attacking email systems
• System failures from malicious attacks that can lead to subsequent legal liabilities
• Unintentional or malicious information access or exposure

IronMail provides a comprehensive solution to Sarbanes-Oxley information integrity requirements as they relate to protecting corporate financial information that is transmitted and stored via email. Everything from message privacy/encryption to email firewall and intrusion protection to content filtering is included in IronMail solution.

Take Next Step

Learn more about how IronMail helps organizations ensure Sarbanes-Oxley compliance by visiting www.ciphertrust.com or requesting CipherTrust’s free whitepaper, ““Contributing to Sarbanes-Oxley Compliance with IronMail”.

Employees must be educated not only about phishing generally, but also about how fraudsters might use social engineering and other methods to entice employees to divulge sensitive information to hackers outside organization.

With little knowledge of an organization’s business methods, hackers can easily distribute hundreds or even thousands of spoofed messages to an organization’s employees. The messages may ask for network passwords and usernames, or may attempt to fool employees into providing sensitive information to competitors.

It is important to properly train employees about what information is appropriate to share through email, and specifically what steps employees should take if they are unsure about authenticity of a request for information.

Information gleaned by fraudsters from corporate networks can be used in a variety of nefarious ways. In financial services industry, criminals can use credit cards to deduct money straight from accounts of unsuspecting victims. Many other organizations hold private healthcare information, or personal financial information that could be used by criminals to extort payoffs from corporations wishing to avoid bad publicity of a security breach becoming public knowledge.

Though deflecting this attack does involve a significant amount of education, providing content filtering on outbound e-mail traffic can flag suspicious communications. Looking for these regular expressions, like social security numbers and account numbers, can prevent a simple deception from becoming a major liability issue.

What to Do If You Are Victim of a Phishing Scam

If you become aware of fraudsters imitating your organization to commit phishing fraud, you should:

• Immediately educate your customers on how they can correctly identify phish
• Notify authorities of your situation. Phishing Fraudsters may have violated all or some of following Federal Laws:
  • 18 U.S.C. 1028(a)(7) – Identity Theft
  • 18 U.S.C. 1343 – Wire Fraud
  • 18 U.S.C. 1029 – Credit-card Fraud
  • 18 U.S.C. 1344 – Bank Fraud
  • 18 U.S.C. 1030 (a)(4) – Computer Fraud
  • 18 U.S.C. 1037 – CAN-SPAM Act
  • 18 U.S.C. 1028(a)(5) – Damage to computer systems and files
• Prosecute criminals – when Spammers use your trademarks to commit fraud, they are violating U.S. Trademark laws as well as anti-fraud laws. Your organization has right to defend its mark in court.

If you find that you are personally victim of a phishing scam, then you should identify what information was compromised and then: