Phone the Sender – Best or Worst New Security Practice?

  • Sophisticated phishing attacks may originate from compromised email accounts of legitimate business partners
  • New “best practice” security recommendation is to phone the sender whenever an unexpected attachment arrives
  • Bromium isolates each email attachment so that users can click with confidence and maximize their productivity

Do you receive a lot of email attachments from people you correspond with on a regular basis? Imagine if a new “best practice” security policy required you to telephone the sender to verify the legitimacy of each email attachment before opening it? Every time.

What would this do to your workday productivity, not to mention your outlook on life? Who answers their phones anymore anyway? Do you really have extra time in your day to phone the sender every time an unexpected email attachment arrives, then probably leave a voicemail message and wait for a return call that may or may not ever come? It almost defeats the purpose of having email in the first place!

Take this real-world scenario:

  1. A known vendor, customer, or business partner falls victim to a phishing attack, resulting in complete email account takeover by an attacker, including correspondence history
  2. Attacker uses the victim’s account, signature, and logo to send out highly targeted phishing emails based on legitimate prior correspondence with your organization
  3. The email includes a malicious Word document, spreadsheet, or PDF, often featuring specifics such as your actual customer name, account number, or invoice number

What would you do in the face of such a sophisticated attack?

Call the Sender. Really?

A widely-circulated article hit the Internet last month proposing a low-tech solution as a “cardinal rule”:

Granted, this is a frustrating and dangerous situation, as the majority of the red flags users have been trained to watch for simply aren’t present if the scammer uses a highly targeted approach like this.

However, there is one cardinal rule that you need to stress with your users to protect against a scenario like this: DID THEY ASK FOR THE ATTACHMENT?

If they did not, it’s a very good idea to double check using an out-of-band channel like the phone to call and ask if they sent this and why it was sent before the attachment is opened. There is little else that can be done. Yes, that is a little more work. But also, better safe than sorry.

Well, maybe if I received 1 email attachment a week instead of dozens, but trust me … it’s just not gonna happen at scale across your entire enterprise. And if mandated, it would grind your productivity to a crawl.

So, how do you ensure that your email attachments are legitimate, or at least ensure that they won’t cause you harm? If you have poor email security controls—or none at all—then the old-school ringy-dingy recommendation is certainly better than nothing. After all, the article laments that “there is little else that can be done.” I say that’s phony-baloney.

Bromium customers know better. Much more can easily be done, and it shouldn’t be the user’s responsibility in any case. Bromium’s virtualization-based security automatically hardware-isolates each incoming email attachment in its own disposable micro-VM container—away from the host operating system and the internal network—rendering phoning the sender and other dubious “best practices” email security recommendations completely moot. Users can safely open any email attachment without fear of breach—even if it contains malware—thus preserving workflows and their sanity.

Safely open any email attachment, even if it contains malware

The main problem with the “cardinal rule”—other than annoying both parties—is that unsolicited email attachments come in from legitimate business partners all the time. They’re the lifeblood of many common jobs, including:

  • Accounts Payable – Invoices from known suppliers
  • Sales – Purchase orders and quote requests from known customers
  • Warehouse – Shipping and delivery notifications from known carriers
  • Legal – Contracts and memoranda from known lawyers
  • Human Resources – Candidate resumes from known recruiters

Watch: Application Isolation Stops Malicious Email Attachments

Breachless email without worry or risk is achievable, as users must be permitted to safely open attachments from known and unknown sources to their jobs without restrictions or IT intervention. Today’s security perimeter has shrunk down to the application level, with vulnerability to known and zero-day attachment-based malware that can exploit the host and gain a foothold into the organization. Bromium’s secure native application isolation delivers clear benefits over email malware scanners and sandboxes as the last line of defense, allowing organizations to:

  • Safely open any email attachment from Outlook or webmail, even if it contains malware
  • Eliminate restrictive IT security policies that limit access to email attachments
  • Empower users by removing time-consuming manual email verification steps that detract from productivity

The next time you receive an unexpected email attachment, instead of calling the sender, just call Bromium instead.

Let Bromium secure and validate your email attachments so users can do their work, safely open any email content, and click with confidence!

The post Phone the Sender – Best or Worst New Security Practice? appeared first on Bromium.

*** This is a Security Bloggers Network syndicated blog from Bromium authored by Michael Rosen. Read the original post at: