Message Labs Africa

24/12/2020

04/11/2020

Training your employees on password hygiene best practices go a long way in protecting modern enterprise security. They include;

1. Changing passwords regularly
2. Using different passwords for different accounts
3. Creating passwords using a mix of numbers, letters, and symbols
4. Using password managers to generate random strong passwords
5. Implementing multi-factor authentication in case of compromised passwords
5. Using app passwords especially for emails accessed on local clients such as Thunderbird etc

You probably don’t use half of these practices, do you?
https://msgafrica.com/blog/10-elements-of-employee-security-awareness-training/

03/11/2020

Phishing awareness is a critical part of your security awareness training programs. Phishing awareness training programs should include;

1. Phishing scams explained
2. Common types of phishing scams
3. How to spot phishing emails
4. Do’s and don’ts when dealing with phishing emails
5. Creating a comprehensive reporting system
6. Simulating phishing attacks to test your employee’s vigilance

Read more on the 10 critical elements of an effective employee security awareness training program.
https://msgafrica.com/blog/10-elements-of-employee-security-awareness-training/

30/10/2020

Human error is the beginning of over 90% of security breaches. Without proper continuous training, your IT department implements different security systems, patching vulnerabilities, etc in vain.
Employees security awareness refers to;

1. Employees understanding cybersecurity threats that face businesses daily
2. Their ability to identify these threats
3. Effectively responding to cybersecurity threats
4. Possessing the knowledge of different compliance regulations and how to observe them. For example, GDPR policies

Read more at https://msgafrica.com/blog/10-elements-of-employee-security-awareness-training/

28/10/2020

https://msgafrica.com/blog/10-elements-of-employee-security-awareness-training/

26/10/2020

During email delivery, SPF allows the receiving mail server to check that an email claiming to come from a specific domain is submitted by an IP address authorized by that domain’s administrators. This is how it works:

1. The recipient email server asks the sender’s domain to verify that the sender is authentic.
2. The recipient email server requests a list of IP addresses the domain has authorized to send emails on its behalf. An SPF record contains this list and is published on the sending domain’s (Domain Name System) DNS
3. If the email’s origin, i.e. IP address does not appear on the said list, the SPF will ‘fail’ the email.
Read more about SPF authentication below

Email authentication enables domain administrators to block spoofed emails, phishing scams, and to some extent, spam emails. These techniques help a receiving email server or mailbox provider verify that incoming emails originate from a source the domain it claims to be from has authorized

22/10/2020

SPF, DKIM, and DMARC email authentication techniques explained in simple English. Get to understand how these techniques help organizations stop spoofing of brands and reduces the number of phishing emails that make it to their mailboxes.

Email authentication enables domain administrators to block spoofed emails, phishing scams, and to some extent, spam emails. These techniques help a receiving email server or mailbox provider verify that incoming emails originate from a source the domain it claims to be from has authorized

22/10/2020

Email authentication enables your domain administrators to block spoofed emails, phishing scams, and to some extent, spam emails. These techniques help a receiving email server or mailbox provider verify that incoming emails originate from a source the domain it claims to be from has authorized.

Most phishing attacks come from an email with a spoofed or forged sender’s address. Usually by forging the “from line”.

Verifying senders’ identity stops phishing and spoofing from reaching your employees’ mailbox. It provides information businesses can use to understand spoofing and phishing efforts against their brands.

Would you like to learn more about email authentication techniques? Click the link below
https://msgafrica.com/blog/protect-business-brands-with-email-authentication/

21/10/2020

Email security awareness training for users and employees supports underlying security policies. It is a must-have defense mechanism that engages your employees in assessing risks as part of their workflow. Key areas to consider while implementing an effective organization-wide email security training program include;
- Email scams
- Malware
- Password security
- Removable hardware such as hard drives and USBs
- Safe internet use
- Social networking threats
- Physical security and environmental controls
- Data management and privacy
- Bring Your Own Device (BYOD) policies
Read more below on how to prevent spoofing and phishing emails
https://msgafrica.com/blog/the-threat-of-email-spoofing-and-phishing-emails/

21/10/2020

How can businesses protect their network, users, and brand from the implications of spoofing and phishing attacks?
https://msgafrica.com/blog/the-threat-of-email-spoofing-and-phishing-emails/

15/10/2020

Tips on how to identify a spoofed message in the email headers.

1. Identify that the ‘From‘ email address matches the display name. The "from" address may look legitimate at first glance, but a closer look in the email headers may reveal that the email address associated with the display name is actually coming from someone else.

2. Make sure the ‘Reply-To‘ header matches the source. This is typically hidden from the recipient when receiving the message and is often overlooked when responding to the message. If the reply-to address does not match the sender or the site that they claim to be representing, there is a good chance that it is forged.

3. Find where the ‘Return-Path‘ goes. This identifies where the message originated from. While it is possible to forge the Return-path in a message header, it is not done with great frequency.

https://msgafrica.com/blog/the-threat-of-email-spoofing-and-phishing-emails/

Email spoofing is a common tactic used by cybercriminals to send out spam and phishing emails. Spoofed emails can appear to be from trusted shopping websites, government institutions, suppliers, among others.

14/10/2020

A spoofed email will appear to be from a legitimate or trusted source, but if you look closely, you may spot anomalies that identify the message as a spoofing attempt.

The actual email address may be different from the display name. Display name spoofing portrays a display name of the person being impersonated while leaving the actual sending email address intact. Scammers can also spoof the entire email address as well or just the domain name, i.e., what follows the @ symbol.

Example 1: “John Doe” [email protected]
Example 2: “John Doe” [email protected]

Additionally, the email address in the header will not match the sender’s email address, and the “Reply to” field in the header will not match the name of the sender. You can find this in your email header information.

Read more on how you can prevent spoofed emails from reaching your mailbox with email validation technology
https://msgafrica.com/blog/the-threat-of-email-spoofing-and-phishing-emails/