Security Gateway 6.5 – With Improved Attachment Handling & Database Support

If you’re in charge of managing your company’s email, whether you’re running an in-house Exchange server or Office 365, you’ve certainly become all too familiar with the latest threats posed by cybercriminals – threats that go far beyond the old-school Nigerian Prince email scam that has become the brunt of jokes over the past couple of decades. So if protecting your employees from email-borne scams is important to you & your business, a secure email gateway to protect against phishing, malware, data leaks and other threats would be a sound investment.

If you’re looking for email security solution that will block the most spam, viruses, and phishing threats, with user-friendly email traffic reports, email archiving, and Data Leak Prevention (DLP) at a price that’s affordable for small businesses, consider Security Gateway for Email Servers.

Announcing Security Gateway 6.5!

This week, we released Security Gateway 6.5, with improved attachment handling and external database support.

Macro Detection in Office Documents

Cybercriminals often use macros in email attachments to spread malware. In Security Gateway 6.5, the Cyren Antivirus engine can be configured to detect macros in Microsoft Office documents and flag them as infected.

SecurityGateway for Email Servers - Antivirus Flag Macro
SecurityGateway for Email Servers – Antivirus Flag Macro
Improved Handling of Restricted Attachments

Messages sent from Microsoft Outlook in Rich Text format are sent with an embedded file containing formatting data. Receiving email clients that do not understand this data may display it as a Winmail.dat attachment. To prevent users from bypassing the restricted attachments list by attaching restricted file types to rich text emails, SecurityGateway can now look inside Winmail.dat attachments for restricted file.

Security Gateway can now also scan RAR archives for restricted attachments.

External Database Support

Security Gateway installs with its own embedded Firebird database, however, in the latest release, administrators can configure Security Gateway to use an external Firebird database for improved performance.

Other Improvements

These are just the highlights. Additional features include email archive journal reports plus enhancements to manage archive and Sieve scripts via the API. You can read the full list of new features here in the release notes, or download your free trial to begin protecting your business against the latest threats!

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

Recent Business Email Compromise (BEC) Scams are Reminder to Educate Users

Online scams are nothing new. But as email has evolved and improved, so have scammers and the messages they send. Nefarious emails, attachments and links now appear sophisticated and look legitimate, sometimes tricking even the most meticulous user.

Billions Lost to Business Email Compromise

Over the last three years, organizations all over the world have lost a collective $26B to a very specific type of email scam – Business Email Compromise, or BEC. Recently, a BEC scheme in Spain was brought down, but not before taking over €10M. A scammer in Canada impersonated a contractor and fooled city employees out of over $1M. And the FBI is investigating a network of over 80 people across multiple countries in an attempt to use a BEC plot to steal $46M.

Why do BEC Scams Work so Well?

Top 10 Business Email Compromise Protection Tips
Top 10 Business Email Compromise Protection Tips

BEC emails are advanced phishing scams, and they’re on the rise. But what makes a BEC attack so dangerous, and so effective?

BEC Scams are Highly Targeted

Scammers aren’t blasting thousands of the same email. They’ve done the research, monitoring the company’s website and social pages. They find the appropriate target, and groom them by sending multiple conversational emails, establishing trust.

They Contain No Malware

Unlike the old style of phishing, where users are told to click on a link, BEC emails have no spammy links. This means they can sometimes evade spam filters, and the end user doesn’t see any red flags.

They Exploit Human Nature

BEC emails imitate an actual person, complete with real-looking email addresses, formatting, company names, and titles. The victim has unknowingly been emailing back and forth with the scammer and trusts that they are who they claim to be. So when asked to send bank information, for example, the victim assumes the request is authentic and complies.

They are Often Under-reported

Victims often don’t realize they made a mistake until much later. And even upon realization, many companies don’t report the incident for fear of damaging their reputation with their customers. Not reporting such incidents allows perpetrators to simply move on to their next victim.

Learn How to Stay Protected Against these Email Scams

Preventing losses to Business Email Compromise is the responsibility of both the end user and the IT administrator. To stay protected, follow these tips:

End Users:
  • Double-check the sender email address & recognize spoofing and other impersonation tactics. MDaemon Webmail displays the full email header to help users identify spoofed emails.

    MDaemon Webmail Full Email Header Display
    MDaemon Webmail Full Email Header Display
  • Don’t overshare on social media
  • Don’t open email from unknown sources
  • Verify all wire transfer requests via phone or face-to-face
  • Know customers’ & vendors’ business practices
  • Run antivirus software often
  • Use two-factor authentication
  • Forward, don’t reply. Ensures you manually enter the appropriate email address.
Administrators:
  • Enable reverse lookups to verify the legitimacy of the sender
  • Use the antivirus features in MDaemon and SecurityGateway to scan all inbound and outbound email traffic
  • Require users to use SMTP Authentication
  • Use SPF, DKIM & DMARC to secure your domain against spoofing
  • Require two-factor authentication
  • Require strong passwords
  • Provide regular end-user training
  • Run antivirus software often and make sure virus signatures are up-to-date

While traditional security measures such as network defenses and email gateways can be effective at blocking most varieties of spam, the bottom line is that the most critical part of stopping BEC attacks is user awareness and education.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •  

3 Ways Security Gateway for Email Helps Businesses Stay Compliant

Staying informed of the latest data privacy regulations can be a challenging endeavor, with a plethora of different security and retention requirements based on industry. And as these laws and regulations continue to evolve, businesses will need to evolve as well to keep up.

The timeline for compliance with new data privacy laws is “yesterday”

As Cynthia Cole, special counsel in the Palo Alto technology practice at law firm Baker Botts says in a recent interview, the timeline for data privacy compliance is “yesterday”. And because cybercriminals continue to target users with phishing campaigns and malware downloads, user education continues be a top priority.

So whether you use Office 365, Microsoft Exchange, or any other on premise or cloud hosted email service, are you confident you are protected from accidental or intentional exposure of confidential information contained in email, such as Social Security or Tax-ID numbers, or bank account numbers?

Archiving with Data Retention & Legal Hold in Security Gateway

Security Gateway includes built-in archiving and data retention policies, plus legal hold, to help businesses meet evolving data retention laws. It’s simple to set up and can help your business avoid serious litigation headaches.

Prevent Leaks of Sensitive Data

Companies of all sizes continue to suffer data breaches, and while the larger victims often make the news, many smaller companies don’t, and as many businesses have reported losses, countless more have fallen victim but have chosen not to report the incident in order to protect their reputation.

A small, early investment in additional email security and compliance can help your business avoid much costlier losses later.

Security Gateway’s Data Leak Prevention feature can help protect businesses against the loss of confidential business data transmitted via email, such as PHI (protected health information), financial data, Social Security numbers, and much more. Messages containing sensitive data can be encrypted or sent to the administrative quarantine for further review.

If you’re ready to start protecting your business against regulatory violations and data leaks, sign up for a free trial of Security Gateway for Email, and if you have questions, leave us a comment or click here to contact us by phone or email.

Spread the love
  •  
  •  
  •  
  •  
  •  
  •