Cyber-crime is on the rise, and it is old news that organizations need to secure all access points into their corporate networks to protect against online threats. This means that this security should extend to your Microsoft Exchange Outlook Web App (OWA) deployment as well.
There are many attack vectors that cyber-criminals can exploit to gain access to your networks and OWA is one of them because it is easily accessed by anyone with an internet connection.
The FBI recently released a security fraud alert warning of the increased cyber-criminal activity targeting financial institutions’ corporate networks, and has set out a list of best practices to protect against external security threats. These recommendations should be considered by all companies when planning their security policies, not just banks. Two in particular should be considered by any organization deploying OWA. Continue reading below to learn how you can protect the sensitive information contained within OWA email attachments, and read our next post in this series to learn about securing your OWA sign-on page.
FBI Security Recommendation #1 - Educate Users about the Dangers Associated with Opening Email Attachments
Educating your users is an important aspect in your email security strategy; however, there is a risk to be taken when relying on this avenue alone. Even though your users may have been taught and know how to identify security risks, they may not always make the right decisions. Likewise, educating your employees about social engineering attacks alone may be insufficient as attacks are becoming more sophisticated in tricking both unsuspecting and suspecting individuals alike. Education alone will not solve your problem. It is important, but it is not a solution in and of itself because the integrity of your security is left to rely on your users’ good judgment, or lack thereof. Instead, what should be in place is a system that cannot be circumvented by your users either intentionally or accidentally. This way you prevent them from having the opportunity of compromising network security from the start, meaning that the security policies you set are enforced.
This rationale for setting policy independent of user judgment and action relates to both opening OWA email attachments externally on non-corporate devices, as well as opening emails attachments internally. Set policies for email attachments beforehand rather than just relying on education to take away the possibility of this occurring.
Whether or not your employees recognize that their corporate email is safe or compromised, with Messageware AttachView, users can not make wrong decisions because they are not be presented with the opportunity to do so. With Messageware AttachView for Outlook Web App, the integrity of your networks no longer relies upon your employees’ knowledge, actions, or intent. Instead, your OWA security policies regarding email attachments are set by the rules that you have configured and are enforced automatically by your servers.
Messageware AttachView will give you control over OWA email attachment security settings such as the ability to allow or block viewing, opening, printing, or saving of email attachments. You can also disable the open/save options for attachments and instead only allow users to safely view them as secure web pages. Administrators can also block specific attachment files types altogether. The options presented to your users are dependent upon what rights they have, where they are accessing their email from, and what they are trying to do with it.
For more information regarding the security alert provided by the FBI on September 17, 2012, please visit the Internet Crime Complaint Center (IC3) website.