Email Security and Phishing Solution for Insurance Underwriter

Sep 5, 2022 | Case Studies

Client

The client is a specialty insurance underwriter located just outside Chicago, whose products are geared toward the hospitality industry. They have been in business for three years, having consolidated the previous enterprise into a new company.

Their client base includes fast food restaurants and hotels, for which they provide coverage. Their operation is currently conducted in two offices, including an overseas location, with a combined staff of 50 people.

Challenges

Due to the nature of their operation, which includes providing insurance quotes and policies via email, it became apparent that email security presents a major challenge.

There were two instances in which employee email accounts were compromised due to human error. These were fairly minor incidents, but they showed that cybersecurity training was needed and that additional email protection had to be implemented.

The solution had to be implemented in a way that would not impair the current operation and flow of email, while reducing and mitigating the risk of compromised emails and accounts.

Solution

The solution provided a multi-layer approach to mitigating the risks. To address message security and minimize spam and malware, a mail filtering platform from a third-party provider, Proofpoint, was provisioned.

By implementing Proofpoint Advanced Filtering, inbound and outbound messages were screened for malware and spam before reaching the user’s mailbox, and a risk rating was generated.

The solution was transparent and allowed for fine-tuning of spam recognition, and through message certification it guaranteed the delivery of messages sent from the client’s email domain.
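To make the screen-and-rate step concrete, here is an added illustration that is not Proofpoint's code or scoring logic: a minimal inbound mail screen that parses the RFC 8601 Authentication-Results header, checks a few content signals, produces a numeric risk rating, and maps it to a deliver/quarantine/reject verdict with tunable thresholds (the "fine-tuning" knob mentioned above). All weights, thresholds, domain names and sample messages are assumptions constructed for the example.

```python
"""Added illustration, not Proofpoint's code: a toy inbound mail risk rating
with tunable quarantine/reject thresholds. Weights, thresholds, domains and
sample messages are assumptions."""
import email
import re
from email.message import EmailMessage, Message
from email.utils import parseaddr

# Hypothetical signal weights; a production gateway uses many more signals.
WEIGHTS = {
    "no_auth_results": 20,        # relay did not authenticate the sender at all
    "spf_fail": 30,
    "dkim_fail": 25,
    "dmarc_fail": 30,
    "display_name_mismatch": 15,  # display name shows a domain other than the address
    "executable_attachment": 40,
    "urgent_wording": 10,
}
URGENT = re.compile(r"\b(urgent|immediately|act now|verify your account)\b", re.I)
EXEC_EXT = (".exe", ".js", ".vbs", ".scr", ".bat")


def parse_auth_results(msg: Message) -> dict:
    """Return e.g. {'spf': 'pass', 'dkim': 'none', 'dmarc': 'fail'}, or {} if absent."""
    header = msg.get("Authentication-Results")
    if not header:
        return {}
    return {m.lower(): r.lower() for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I)}


def rate_message(raw: str) -> tuple[int, list[str]]:
    """Score one RFC 5322 message; returns (score, triggered signals)."""
    msg = email.message_from_string(raw)
    score, reasons = 0, []

    def hit(signal: str) -> None:
        nonlocal score
        score += WEIGHTS[signal]
        reasons.append(signal)

    auth = parse_auth_results(msg)
    if not auth:
        hit("no_auth_results")
    for mech in ("spf", "dkim", "dmarc"):
        if auth.get(mech) == "fail":
            hit(f"{mech}_fail")
    # Display name carrying a different domain than the real address.
    name, addr = parseaddr(msg.get("From", ""))
    shown = re.search(r"@([\w.-]+)", name)
    if shown and shown.group(1).lower() != addr.rpartition("@")[2].lower():
        hit("display_name_mismatch")
    # Attachment types and pressure wording in subject/body.
    text = msg.get("Subject", "")
    for part in msg.walk():
        filename = part.get_filename()
        if filename and filename.lower().endswith(EXEC_EXT):
            hit("executable_attachment")
        elif part.get_content_type() == "text/plain":
            text += " " + part.get_payload(decode=True).decode("utf-8", "replace")
    if URGENT.search(text):
        hit("urgent_wording")
    return score, reasons


def screen(raw: str, quarantine_at: int = 40, reject_at: int = 80) -> tuple[str, int, list[str]]:
    """Map the rating to a verdict; the thresholds are what an admin tunes."""
    score, reasons = rate_message(raw)
    if score >= reject_at:
        return "reject", score, reasons
    if score >= quarantine_at:
        return "quarantine", score, reasons
    return "deliver", score, reasons


def build_sample(from_addr: str, subject: str, body: str, auth_results: str = "", attachment: str = "") -> str:
    """Construct a sample message (test data, not captured mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = from_addr, "underwriter@client.example", subject
    if auth_results:
        m["Authentication-Results"] = auth_results
    m.set_content(body)
    if attachment:
        m.add_attachment(b"\x00\x01", maintype="application", subtype="octet-stream", filename=attachment)
    return m.as_string()


SAMPLES = {
    "clean": build_sample("Broker Billing <billing@broker.example>", "Renewal quote",
                          "Attached is the renewal quote we discussed last week.",
                          "mx.client.example; spf=pass smtp.mailfrom=broker.example; "
                          "dkim=pass header.d=broker.example; dmarc=pass header.from=broker.example"),
    "phish": build_sample('"billing@trusted-broker.example" <x@mail-relay.example>',
                          "Urgent: verify your account", "Your policy portal access expires today.",
                          "mx.client.example; spf=fail smtp.mailfrom=mail-relay.example; "
                          "dkim=none; dmarc=fail header.from=trusted-broker.example"),
    "attachment": build_sample("Accounts <ap@vendor.example>", "Invoice 4471",
                               "Please see the attached invoice.", attachment="invoice.exe"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, screen(raw))
```

Raising `quarantine_at` from 40 to 70 lets the unauthenticated message with the executable attachment through, which is exactly the kind of trade-off the daily quarantine counts make visible: a looser threshold means fewer false positives for users to release, and more risk reaching the mailbox.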

To address end-user awareness, a social engineering awareness program was created utilizing employee training and email phishing testing.

The end-user training was created in the form of a presentation, a lunch-and-learn session, where the key parts and concepts of phishing and other methods of social engineering were discussed. The slides provided scenarios and well-known examples that were circulating on the Internet. Users were instructed on how to recognize phishing emails and how to report possible phishing if they discover it.

The second part of the training included a custom-crafted managed phishing campaign. Using Phishing Box as the platform, a campaign with multiple phishing messages was created. Phishing Box provides dozens of ready-to-use templates that can be customized as needed. This particular campaign included impersonating a health care company and an insurance broker, whose supposedly legitimate email would land in the user’s mailbox along with a link to the “legitimate” site. Content from these well-known sites was copied and integrated into the message, giving the appearance of a trusted sender. The campaigns were executed over a two-to-three-week period so as not to raise suspicion among the staff by flooding everyone’s mailbox with these emails.

Results

The new email filtering platform proved to eliminate 98% of spam and malware, resulting in reduced message count, cleaner mailboxes, and a more secure setup. The ability to see the daily count of rejected or quarantined emails was an eye-opener for the client.

Users were trained on how to release “false-positive” quarantined emails and to add safe senders. Daily reports of quarantined messages were provided to each user.

The Phishing Box platform allowed for real-time monitoring and reporting of user activity, providing valuable data on which parts of the training need to be enhanced. Approximately 15% of staff opened and went through the emails, compromising security. This was the desired result, and it made an impact on the staff by showing them where their weaknesses are.

The Phishing Box platform also provides “instant training”, in which a user who clicks the malicious link from the campaign is automatically taken to the training portal for a “refresher”.
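The value of the monitoring described in the last two paragraphs is the roll-up it produces: per-scenario open, click and report rates, the list of users the platform routes to the refresher, and which scenario needs reinforcing in the next quarterly round. The following is an added example, not Phishing Box's reporting code, that computes that roll-up from a constructed event log of 20 hypothetical users split across the two scenarios named above; the user IDs, scenario names and event sequence are assumptions, chosen so that 3 of 20 users (15%) click.

```python
"""Added example, not Phishing Box's code: roll up a phishing-simulation
event log into the metrics used to target follow-up training.
All users, scenarios and events are constructed."""
from collections import defaultdict


def build_sample_events() -> list[tuple[str, str, str]]:
    """Constructed (user, scenario, action) events; actions are sent/opened/clicked/reported."""
    healthcare = [f"u{i:02d}" for i in range(1, 11)]   # u01..u10
    broker = [f"u{i:02d}" for i in range(11, 21)]      # u11..u20
    events = [(u, "healthcare", "sent") for u in healthcare]
    events += [(u, "broker", "sent") for u in broker]
    events += [(u, "healthcare", "opened") for u in ("u01", "u02", "u03", "u05")]
    events += [(u, "broker", "opened") for u in ("u11", "u12", "u13", "u14", "u15")]
    events += [("u02", "healthcare", "clicked"), ("u12", "broker", "clicked"), ("u14", "broker", "clicked")]
    # u03 and u11 reported without clicking; u14 reported only after clicking.
    events += [("u03", "healthcare", "reported"), ("u11", "broker", "reported"), ("u14", "broker", "reported")]
    return events


def summarize(events: list[tuple[str, str, str]]) -> dict:
    """Per-scenario rates, the refresher list (clicked users) and the scenario to reinforce."""
    per = defaultdict(lambda: defaultdict(set))   # scenario -> action -> set(users)
    for user, scenario, action in events:
        per[scenario][action].add(user)

    report = {"scenarios": {}, "refresher": set(), "reported_only": set()}
    all_sent, all_clicked = set(), set()
    for scenario, actions in per.items():
        sent = actions["sent"]
        if not sent:
            continue  # nothing was delivered for this scenario; no rates to compute
        clicked, reported = actions["clicked"], actions["reported"]
        report["scenarios"][scenario] = {
            "sent": len(sent),
            "open_rate": round(len(actions["opened"]) / len(sent), 2),
            "click_rate": round(len(clicked) / len(sent), 2),
            "report_rate": round(len(reported) / len(sent), 2),
        }
        all_sent |= sent
        all_clicked |= clicked
        report["refresher"] |= clicked            # users the platform sends to the portal
        report["reported_only"] |= reported - clicked   # the behaviour to praise and reinforce

    report["overall_click_rate"] = round(len(all_clicked) / len(all_sent), 2) if all_sent else 0.0
    # The scenario with the highest click rate is the one to rework in the next round.
    report["needs_reinforcement"] = max(
        report["scenarios"], key=lambda s: report["scenarios"][s]["click_rate"], default=None
    )
    return report


if __name__ == "__main__":
    result = summarize(build_sample_events())
    for scenario, stats in result["scenarios"].items():
        print(scenario, stats)
    print("overall click rate:", result["overall_click_rate"])
    print("refresher:", sorted(result["refresher"]))
    print("reinforce scenario:", result["needs_reinforcement"])
```

Tracking `reported_only` alongside the click rate matters for the quarterly repeat: a campaign is working when the report rate rises while the click rate falls, not merely when fewer people click.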

This type of training, including the presentations and phishing campaigns, is not a “one-off” exercise; instead, it needs to be conducted regularly, for example on a quarterly basis, using new templates and scenarios and reinforcing the training to strengthen user knowledge and confidence.
