
Security Think Tank: Equip employees to guard against malicious attachments

What strategies should organisations follow to block malware attachments which continue to account for two-thirds of malware infections that result in data breaches?

According to Verizon’s 2017 Data Breach Investigations Report, two-thirds of malware was installed via malicious email attachments.

Large organisations know it is inevitable that, at some point, malicious emails attempting to gain access to their network will arrive in their employees’ inboxes.

As such, most businesses will ensure barriers are put in place to reduce the risk of such attachments being opened. These barriers come in various forms, including email filtering software, antivirus products and newer, more elaborate measures such as web isolation technology. However, although these controls block most malicious emails, they are not 100% successful, and a number of potentially dangerous email attachments find their way into users’ inboxes.

Opening a malicious email attachment has the potential to prevent access to files and data, install a virus, provide remote access to that computer and the company’s network or install a key logger. These activities could lead to financial losses, stolen data or reputational damage.

But such attachments only pose a danger if they are opened and allowed to execute the program contained within. This can be avoided with comprehensive awareness training, which needs to go beyond the online courses used by many large organisations; these have proved to be low impact because they are usually just clicked through with little interest. Full engagement during sessions is important for information retention.

A better approach is to provide employees with a more interactive method of learning. One method is to give employees a series of emails to examine, in which messages with malicious intent are mixed in with the genuine messages from colleagues or clients that the employee would usually receive, thus representing a real-life scenario.

A follow-up exercise some time after the training course, in which employees are sent an internal phishing email, allows security teams to identify employees who are able to spot malicious emails and those who require more training.

Training should also highlight a simple check: recognising the attachment extension types that are easy red flags. Dangerous executable .exe files can be renamed to look like seemingly harmless txt, xlsx, zip or pdf files, which can allow them to evade filters. Files with Microsoft Office extensions, which are commonly sent between colleagues, can contain scripts or macros that can also cause damage. This risk can be reduced by configuring document-handling programs, such as Word and Adobe, to notify the user before running scripts or macros, or by turning off this ability entirely.
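The renamed-executable problem described above can also be checked mechanically by comparing each attachment's leading bytes with the extension its filename claims. The following is an added example, not part of the original article; the message, addresses, filenames and payloads are constructed for illustration.

```python
from email.message import EmailMessage

# Leading bytes ("magic numbers") and the extensions that legitimately carry them.
SIGNATURES = {
    b"MZ": ("Windows executable", {"exe", "dll", "scr"}),
    b"%PDF-": ("PDF", {"pdf"}),
    b"PK\x03\x04": ("ZIP container", {"zip", "docx", "xlsx", "pptx", "docm", "xlsm", "pptm"}),
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": ("legacy Office (OLE2)", {"doc", "xls", "ppt"}),
}
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm"}  # Office formats that can carry macros


def audit_attachments(msg):
    """Return (filename, reason) for each attachment worth a second look."""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        data = part.get_payload(decode=True) or b""
        for magic, (kind, allowed) in SIGNATURES.items():
            if data.startswith(magic) and ext not in allowed:
                findings.append((name, f"{kind} content behind .{ext} name"))
        if ext in MACRO_EXTENSIONS:
            findings.append((name, "macro-enabled Office format"))
    return findings


def build_sample():
    """Constructed message; the 'MZ' payload is padding, not a working program."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    samples = [
        ("invoice.pdf", b"MZ" + b"\x00" * 62),          # executable header, PDF name
        ("report.pdf", b"%PDF-1.4\n%%EOF\n"),            # content matches its name
        ("budget.xlsm", b"PK\x03\x04" + b"\x00" * 26),   # ZIP-based, macro-capable
        ("notes.txt", b"plain text, no known signature"),
    ]
    for filename, data in samples:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for name, reason in audit_attachments(build_sample()):
        print(f"{name}: {reason}")
```

A signature check of this kind only inspects the first bytes, so it complements rather than replaces the filtering and antivirus products mentioned earlier.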

A second and commonly overlooked technique is to check that the sender’s actual address is the same as the one displayed in the email. Clicking on or hovering over the sender’s address displays the actual account from which the email was sent. A different address, or one that does not have a professional format, is cause for concern.

Other obvious ways to identify an email with malicious intent include noting a general lack of professional email etiquette, such as poor spelling and grammar, requests for personal information and over-the-top email titles designed to attract attention.

Stopping malicious email attachments from entering users’ inboxes completely is a fantasy that will never come to fruition. However, preventing the damage they seek to inflict is feasible with strong awareness training programs and employees who understand the gravity of the damage one file can cause.
