When in doubt, layer and share
When in doubt, layer and share

As email has become the most popular way for people to communicate, it is no wonder that criminals are exploiting this channel to infiltrate computers whether to disrupt businesses or to steal sensitive information for financial gain, often resulting in data breaches. Malware attachments via email is just one technique criminals use to achieve this; and businesses that do not have proper defenses in place will no doubt fall victim. We've heard time and time again that it's not a question of “if, but when”. The good news is that there are steps organizations can take to stay ahead of cybercrime. 

When it comes to protecting your business from malware infections via attachments, the first order of business is to proactively educate your employees about immediately spotting suspicious attachments. Employees that have been trained to spot cyberattacks are the first line of defense to protecting your business. Knowing what to look out for can help businesses brace themselves for cyberattacks and subsequently put in place the right defenses. 

Cyberthreats are constantly evolving so for companies to stay ahead of these threats, information sharing is critical. This is of course accomplished through constant information sharing with similar organizations through institutions like FS-ISAC.  Being a part of a robust global information sharing community to both report threats you are seeing and getting alerts about what member institutions are experiencing in real time will serve as an early warning system, increase your chances of bypassing the ever-evolving threats, and provide better situational awareness for risk mitigation. Businesses can also help crowd-source information on mitigation by sharing intelligence on tools, tactics, and procedures that criminals are using in their attacks. This can then help determine how the malware is trying to infiltrate and disrupt business operations.  By using and sharing this information, the business as well as the community, can in turn adjust their defenses based on the attack. 

On a more tactical level, a business may also choose to block file extensions. While this is a more basic approach, it is one way to protect your organization from known malicious file types. Organizations can also deploy technology to screen emails and files for infections by blocking them based on signatures or opening the attachment in safe zones -- a virtual computer where malware is detonated or opened and safely analyzed -- before it lands in an employee's email inbox to determine if malware is present. 

Last but not least, it is critical that businesses are diligent about their cyberhygiene by ensuring that they are installing available software patches for their systems to fix known vulnerabilities.  Too often, organizations leave themselves exposed to malware even though there is a preventative measure via patching. 

There is no perfect formula for cybercrime prevention and companies need to employ a multi-layered approach to defend against malware.  However, if businesses follow these steps and join an information sharing community to stay abreast of the latest threats, they will be better positioned to survive a cyberstorm.