In today’s digital economy, all email is sensitive. Even one data breach can have potentially devastating effects on your business. In addition, new data privacy regulations such as GDPR have gotten everyone scared and mostly just throwing their hands up and hoping a breach doesn’t happen to them. Understandably, it’s an issue business owners don’t really want to pay attention to until they face the consequences, such as a phishing attack targeting their business or a hacker’s breach of sensitive business email or services.
We can keep your business safe from phishing attacks and email breaches with Domain-based Message Authentication, Reporting & Conformance (DMARC). Don’t worry, that’s the last time we’ll make your eyes glaze over. Think of DMARC as a traffic cop for your email and it gets a bit more exciting.
Let’s back it up – why do I care about phishing?
Phishing is a specific kind of email that a hacker uses to steal your passwords for vital services. For example, you may have seen a poorly written email that looks like it’s sent from firstname.lastname@example.org that you’ve immediately dismissed as not legitimate. But just because you’ve done that in the past doesn’t mean that you – or your employees – are safe from hackers. Phishing is getting more and more sophisticated, to the point where extremely intelligent people can easily fall prey to a well-crafted email. Generally, once a hacker has managed to grab one set of passwords to one service, they can gain access to others, particularly if they net a holy grail target such as your G Suite account login or banking information login.
OK – so what does DMARC do for me?
DMARC is a tool which is designed to protect against “direct domain spoofing”, which is what the hacker is doing when he tries to make the email look like it’s coming from PayPal, Gmail, or another service you use every day. When an email is sent by an unauthorized sender, DMARC can be used to detect the unauthorized activity and block or discard those messages. There are steps to rolling out and implementing DMARC for your email which we carefully follow for the first few months of the service, and then after that we suggest an annual security review.
Why can’t I just DMARC myself?
DMARC can’t be automatically set up. It needs to be configured by someone in a senior technical capacity. It requires a high level of skill to get the tool configured because there are many ways it can go wrong. If you make a mistake, you can spend hours correcting it or even lose valuable emails. It isn’t even a task you would give to a junior on your IT staff if you have one – it would have to be someone senior such as our security team at ion8.
We’ll also take the time to set it up properly – you don’t want to set your controls too high initially, or you risk losing valid emails. A slow rollout over a period of a few months is the best practice.
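In practice, the slow rollout described above is visible in the domain's DMARC DNS record: the policy starts in monitoring mode and is tightened step by step. The following is an added example, not ion8's own tooling, that parses a record and reports which stage it is at. The tag names (v, p, pct, rua) come from the DMARC specification; the sample records, the example.com addresses and the stage labels are constructed for illustration.

```python
# Added example: judge how far along a staged DMARC rollout a record is.
# Tag names are from the DMARC specification (RFC 7489); stage labels are this example's own.

def parse_dmarc(txt):
    """Split 'v=DMARC1; p=none; ...' into a dict of lowercase tag -> value."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (v=DMARC1 required)")
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags

def rollout_stage(txt):
    """Return (stage, warnings) for one DMARC TXT record."""
    tags = parse_dmarc(txt)
    policy = tags["p"].lower()
    pct = int(tags.get("pct", "100"))  # the spec defaults pct to 100
    if not 0 <= pct <= 100:
        raise ValueError("pct must be between 0 and 100")
    warnings = []
    if "rua" not in tags:
        # Without aggregate reports there is no view of which senders fail.
        warnings.append("no rua= address: valid mail may be lost unnoticed")
    if policy == "none":
        stage = "monitor"              # nothing is blocked yet, only reported
    elif pct < 100:
        stage = "partial enforcement"  # policy applied to a share of failing mail
    else:
        stage = "full enforcement"     # all failing mail is quarantined or rejected
    return stage, warnings

# Constructed sample records, in the order a gradual rollout would publish them.
SAMPLES = [
    "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc-reports@example.com",
    "v=DMARC1; p=reject",
]

if __name__ == "__main__":
    for record in SAMPLES:
        stage, warnings = rollout_stage(record)
        print(f"{record!r}: {stage} {warnings}")
```

The third sample is the case the paragraph above warns about: full enforcement with no reporting address, so lost legitimate mail would go unseen.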
Employee Training is key to avoiding phishing attacks
Setting up your email security service is only half the battle. While it will stop most phishing emails in their tracks, some may still get through and it is up to your employees to click on them or not. Once clicked, your company can lose thousands of dollars’ worth of business. We offer one-on-one webinars with your company to answer questions and show your employees what needs to be avoided. While this information is out there on the Internet, our security experts know what the most common types of attacks are for your specific industry and how to repel them.
Other security services
We also offer a health & security domain checkup service which looks at the services being hosted on your domain. This includes your website, email, and some apps. The checkup service gives you a list of recommendations for upping your security and we can either act on those for you for an additional cost or you can take care of those things yourself if we think they are minor. If you are looking for something deeper, we can also offer penetration testing, risk analysis, and many other digital security services.