30 April 2019
Email is a crucial business and communication medium in the digital world. The majority of our communications (including confidential communications) are carried out over email.
Email is also the favourite mode of initial attack or entry point for most cyber criminal activities.
Phishing, whaling, and malware campaigns are the most common examples where email provides a criminal with a platform from which to carry out attacks, as mentioned last month in our newsletter on BEC scams.
Organisations test their internal infrastructure with technical security audits, their external infrastructure with various types of penetration testing, and aim to raise their user awareness with internal phishing simulation activities.
However, organisations routinely forget to regularly check and test the security controls they use to filter, secure, and process emails.
Kaon Security’s Email Risk Security Assessment focusses on addressing this gap and provides unique intelligence based on the outcome of the security assessment.
Some of the key aspects covered during the email security & phishing threat assessment are:
The outcome from the Email Security Assessment could significantly help to inform key business and IT security decisions.
Some of the key benefits of this assessment include:
This exercise can be supplemented with a controlled real-world external Phishing campaign with uniquely crafted user awareness landing pages.
Our experience shows that these campaigns can yield more impact when compared to deploying an internal phishing simulation run over several months.
ASD Essential 8 content
Last month we also discussed the very useful technical security controls guidance available from Cert NZ and the Australian Signals Directorate. We have recently augmented the IT Policy System to incorporate a mapping of policies to the ASD Essential 8. This has seen the addition of 3 new sections of content in the technical policy area and 9 changes to existing policy content. These additions along with a selection of other enhancements will form the basis of version 19 which will be ready for shipping 2nd week of June.
NSW Regional Centre Adopts IT Policy Lite System
Our IT Policy Lite System provides a very cost effective way to develop, deliver and then maintain organisational IT security policies.
One of our recent projects for Broken Hill City Council (BHCC) saw us addressing the following challenges -
Having deployed the system at BHCC, Gerald VanDenHeuvel, Manager Information Services comments “We are now in a good position to communicate to staff how to reduce risk through improved compliance, create an awareness of their responsibilities and to ensure Council meets legislative requirements"
Click Here to view the BHCC case study.
If you plan to attend the LGITSA event in Adelaide 2nd May feel free to call by our stand.
To discuss our Email Security Assessment, your IT Policy requirements or any of our other professional IT services offerings, contact Mike or Steve.
Which Essential controls should be at the top of your list? >