
Bryley Systems selects SOPHOS Reflexion to replace McAfee Endpoint Protection

After careful consideration and a review of competing products from ProofPoint and others, we have selected Reflexion Network’s Total Control Email Security to replace McAfee Endpoint Protection, which will reach end-of-life in January 2017.

Reflexion Networks is a SOPHOS company. SOPHOS is a growing IT-security product company with a rich history in securing and protecting computer networks, servers, and end-users under the slogan: Security made simple. Reflexion offers a wide range of email-security services that match and improve upon the capabilities offered by McAfee Endpoint Protection.

Implementation will begin early 2016 and should conclude by mid-year.

Email Best Practices

Recommended practices – Part 4:  Email use

This is a multi-part series on recommended practices for organizations and their end-users.  Additional parts will be included in upcoming newsletters.

Email is still the primary business application, although alternatives like texting and social media are gaining ground.  Most business people email clients, prospects, vendors, stakeholders, etc. on a regular basis; they also accept emails from those in the outside world, occasionally with unforeseen consequences.

Organizations should consider email use in these areas:

  • Inbound – Email received by the organization’s end-users
  • Outbound – Email sent from end-users to others outside the organization
  • Etiquette – The appropriateness of the email’s message and content
  • Archiving – The ability to store and retrieve historic email

I’ll describe the specifics and offer IT solutions to manage each area.

Inbound email

End-users constantly receive email, usually without incident.  However, one misstep in responding can lead to a malware outbreak (or worse).  Plus, failing to block inappropriate email content, even unknowingly, can lead to legal repercussions.  (For example:  An employee could object to receiving an email with explicit pornography and decide to pursue legal recourse.)

Most email-based attacks occur via an attachment; the attachment holds malware designed to activate, usually without fanfare, when the attachment is opened.  Often the email message is enticing, disguised, or just plain compelling; the end-user believes that opening the attachment is the right thing to do.

Basic rules for opening an email:

  • Do not open email from an untrusted source; when in doubt, check it out
  • Do not click on an attachment before verifying its integrity
  • Always ask for help if uncertain

The best tool is an email-filtering service or device; a service sits outside your organization (Cloud-based) while a device typically sits inside (on-premise).

A Cloud-based, email-filtering service can improve Internet performance by reducing incoming traffic; all emails are captured by the service before they enter the organization’s Internet connection.  Some services (e.g., McAfee SaaS Email Protection and Continuity™ or MEPC) also offer email continuity, which provides the ability to receive and respond to email even when your email server or email service is unavailable.  Most email-filtering services are billed monthly on a per-user basis, requiring little or no up-front expenditure.

An on-premise, email-filtering device requires upfront expenditure, but can provide a cost-advantage solution at organizations with many users.  To calculate the true cost per user, you would figure the annual cost of the device, add the annual maintenance fee and support costs, and divide by the total number of users.

Both offer advantages; pick one or use both.  (We offer McAfee Email Protection and Continuity and our Secure Network™ as service options, but also deploy, on-premise, Barracuda’s Spam Filter, Cisco’s IronPort, and WebSense.)

Outbound email

Outbound email should be secure; you don’t want to expose confidential details to an outsider.  However, email is typically sent in plain-text format; the contents of the email are unencrypted and can be pieced together by others.

Email typically flows in this fashion:

  • Sender composes the email; this might be on a standalone application like Microsoft Outlook or on a web-based interface like Google Gmail.
  • Sender sends the email, which ships it to the sender’s email server/service.
  • The email server/service addresses the email according to the recipient’s email domain and then forwards it to the email server/service within the recipient’s email domain.
  • Email server/service within the recipient’s email domain receives the email, verifies that the recipient exists within this domain, and then forwards the email to the recipient.
  • Recipient receives the email.

Email within an organization’s email domain via an internal email server is usually secure; an external email service must be examined to ensure messages are encrypted between the sender, service, and recipient.

Security can be enforced through encryption, which offers levels of enforcement.  For example:  You can be forced to encrypt any email with the words “social security number”, but not encrypt other emails.  Likewise, you can encrypt all email from the Accounting team while not encrypting emails from the Marketing team.
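
The two policy examples above (encrypt on the phrase “social security number”, encrypt everything from Accounting) can be expressed as a small rule check. This is an added illustration, not code from any product named in this article; the addresses, team directory and sample messages are constructed, and the rule format is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed policy for illustration; not any vendor's rule syntax.
# DIRECTORY is a hypothetical sender -> team lookup.
KEYWORDS = ("social security number",)   # phrase from the text above
ENCRYPT_TEAMS = {"accounting"}           # teams whose mail is always encrypted
DIRECTORY = {"ann@example.com": "accounting", "mark@example.com": "marketing"}

def searchable_text(msg):
    """Subject plus every text/* part, with transfer encodings decoded."""
    chunks = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(raw.decode(charset, errors="replace"))
    # Collapse whitespace and case so line wraps do not hide a phrase.
    return re.sub(r"\s+", " ", "\n".join(chunks)).lower()

def encryption_decision(raw_message):
    """Return (must_encrypt, reason) for one outbound message."""
    msg = message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    team = DIRECTORY.get(sender)
    if team in ENCRYPT_TEAMS:
        return True, "sender team: " + team
    text = searchable_text(msg)
    for phrase in KEYWORDS:
        if phrase in text:
            return True, "keyword: " + phrase
    return False, "no rule matched"

# Constructed sample messages (not real mail).
SAMPLES = {
    "marketing_plain": "From: Mark <mark@example.com>\nSubject: Brochure\n\n"
                       "Our spring brochure is attached.\n",
    "marketing_wrapped": "From: mark@example.com\nSubject: Form\n\n"
                         "Please confirm your Social Security\nnumber.\n",
    "marketing_qp": "From: mark@example.com\nSubject: Form\n"
                    "Content-Transfer-Encoding: quoted-printable\n\n"
                    "Your social security num=\nber is on file.\n",
    "accounting_any": "From: Ann <ann@example.com>\nSubject: Invoice\n\n"
                      "Invoice attached.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, encryption_decision(raw))
```

The wrapped and quoted-printable samples show why a content rule has to decode and normalise the body first; a scan of the raw message would miss both.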

Email encryption is available via external services (we recommend McAfee SaaS Email Encryption™) or through an on-premise device (Cisco IronPort or WebSense).

Email etiquette

You should consider what you are saying and how it might affect the recipient.  Even more important, for legal reasons, you should block inappropriate content and malware from being emailed by end-users within your organization.

Outbound policy enforcement and management is available as an external service through McAfee SaaS Email Protection and Continuity, which monitors outgoing email for inappropriate content and malware.  Both Cisco IronPort and Websense provide this capability on-premise.

Beyond the basics listed above, email etiquette extends to these areas:

  • Sending – Always verify grammar, spelling, courtesy, and content
  • Formatting – Don’t type all CAPS; use a white background for readability
  • Forwarding – Don’t forward emails unless relevant and desired by recipient
  • Attachments – Zip large attachments and virus check before sending
  • Privacy – Hide recipients’ email addresses when sending to a group

My favorite rules (which I sometimes break):

  • Don’t say things in an email that you would not say verbally to the recipient.
  • If your email is emotionally tinged, sleep on it overnight before sending.

For tips on email etiquette, please visit http://www.101emailetiquettetips.com/.

Email archiving

Archiving is all about reliable storage and quick retrieval; you never know what you might need to bring back to life or when it will be needed.  Saving tens or hundreds of thousands of emails can be challenging; finding the right email can be virtually impossible, but might be required at a moment’s notice.

Archiving can reduce management and storage costs while satisfying e-discovery and compliance requirements.  Archiving can also simplify requests for email histories during litigation.

We recommend these archiving options:

 

Bryley Basics: Getting you informed in 100 words or less

Tips on email attachments

Most folk send attachments with their emails; it is a quick, easy way to share a file with the email recipient.  However, attachments can have a negative impact on your computer-network infrastructure:

  • Emails saved with attachments consume storage.
  • Large attachments slow performance and may be rejected by the provider.
  • Attachments copied to a distribution list (a group of email users) are copied multiple times, once for each user, which can impact network bandwidth.

In addition, emails received with attachments should be treated cautiously, since attachments may become sources of infection.  Basic suggestions when receiving:

  • Do not open if the sender is unknown or suspect.
  • Limit total attachments to under one Gb; zip files greater than one Gb.

 

 

Hackers Hijack Email Contacts

Have you received a rogue email from a friend or acquaintance that seems out of character?  For example:  Why is Aunt Mildred calling me “Friend” in her email?  Or, does neighbor Fred really want me to invest in Nigeria?

Odds are, their email accounts – particularly if located at online services like Gmail, Yahoo! Mail, or Windows Live Hotmail – have been hijacked.  (Visit About.com at About.com:Free Email Review for a review of the top 16 free email services by Heinz Tschabitscher.)

With an online service, the email application is cloud-based; the application does not reside locally on the computer, so it is probably the online account that has been compromised.  (Your PC could also be infected, which is discussed later.) Typically, the password is discovered, providing an easy entry to stored emails (which could contain sensitive information) and a contact list that can be exploited.

If this happens to you, log in to your account and take these steps:

  • Change your password – Use a complex password with at least eight upper and lower-case characters, numbers and special characters.  (Please see the January 2013 issue of Bryley Tips and Information for the article “Simple passwords = disaster” at Bryley-Tips-and-Information-January-2013.)
  • Change your Recovery Information (challenge questions) – If the hacker has account access, he/she can retrieve your challenge questions.  Using these questions, he/she can then reenter the account after you change the password.
  • Set the highest-possible level of security – Select the highest-possible level, even though it adds complexity to the login process.
  • Check related accounts – You might have put passwords into saved emails that the hacker can now access.  Change your passwords and your Recovery Information on all other accounts that might have been compromised.
  • Contact list – Email the folks in your Contact list and tell them:  “I am having an issue with my email account, which I am addressing.  Please contact me if you receive an unusual email that appears to have come from my email address.  Do not open any links within the email itself.”
  • Back up emails and contacts – Backups allow recovery; back up your contacts whenever you add or change a contact.  Back up your emails as often as necessary to keep from losing stored emails.

As with any account, change your password regularly and change your challenge questions periodically.  Visit the About.com article on how to change your Gmail password at About.com: Change Your Gmail Password.

For a related article by Leo Notenboom at Ask Leo, please visit Ask-Leo.com: How to stop someone sending email with my address.

If the email application resides locally and connects to a secure site, your PC would be suspect and should be interrogated by virus and malware scanners.  You should also scrutinize your Microsoft Outlook contacts and rename the Contacts folder.

It is still possible that your computer is infected; your account information might have been recovered through a keyboard logger that records your keystrokes and sends them to the hacker.  If so, you need to clean up your computer before taking the steps above.