But… I expect e-mails from new people all the time.
When providing education on phishing, we tell employees to delete e-mails with attachments from unknown sources because of the potential for malware to infiltrate your network. However, there may be some cases where this would negatively impact business.
Let’s look at a scenario where e-mails with attachments from unknown senders are a normal part of business operations. Perhaps you’re responsible for hiring and ask people to e-mail their resumes to you. Or, because you’re a hiring manager or in HR, people send you resumes out of the blue.
How do you address the risk of opening attachments from unknown people?
A determined attacker is probably mapping out your organization through information found on your website and social networks like LinkedIn. Once they find the hiring manager and some open job postings, guess what? They craft a great malware-laden “resume” to send to him or her. Once the manager opens the attachment, it may infect their machine and give the attacker remote access or release ransomware.
This is where technology needs to be in place in tandem with training. Here are some ways to handle e-mails with attachments.
- Do not accept attachments. (Avoid the risk.)
Make it a policy to not accept resumes via e-mail attachments and ensure hiring managers are aware of this. Instead, ask that applicants use a dedicated application site that requires them to paste their information into a form with some standard fields (no attachment uploads). This, of course, takes resources.
- Limit damage. (Mitigate the risk.)
Disable macros by default and keep software up-to-date, especially PDF viewers and word processors. Educate users about scams that involve macros or attachments that look like documents but are really executables.
- Limit damage even more. (Further mitigate the risk by eliminating the employee’s responsibility to analyze attachments.)
Set up a separate e-mail address, used from a virtual machine (VM), specifically for reviewing resumes. This way, damage caused by malware embedded in attachments is contained. If a hiring manager receives a resume in her regular e-mail, she can forward it to the dedicated address and open it on the VM.
- Accept that it will happen. (Accept the risk.)
Have good backups and detection mechanisms. (You’re already doing this, right?)
If malware infection happens frequently enough, consider turning to something like the first option (not accepting attachments). Otherwise, accept that ransomware, Trojans, and other bad code are going to penetrate your network. Have good detection mechanisms for malware and unauthorized access, along with the ability to restore files.
The education piece involves helping users recognize when their machine may be infected and whom to call or how to report it. Next, make sure important files are saved somewhere that creates automatic backups. This is a good idea no matter which option you decide to take.
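The two attachment problems named above, documents that carry macros and files that look like documents but are really executables, can also be checked automatically before a resume reaches the reviewer. The following Python is an added example, not part of the original article; the function names, extension lists, finding labels and sample bytes are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePath

# Extensions a resume should never have (constructed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta", ".lnk"}
# Leading bytes expected for common resume formats.
DOC_MAGIC = {".pdf": b"%PDF", ".docx": b"PK\x03\x04", ".doc": b"\xd0\xcf\x11\xe0"}
MACRO_EXTS = {".docm", ".dotm"}  # macro-enabled Word formats

def triage(filename, data):
    """Return a list of reasons to quarantine the attachment (empty = no finding)."""
    findings = []
    ext = PurePath(filename).suffix.lower()  # last extension only: "cv.pdf.exe" -> ".exe"
    if ext in EXECUTABLE_EXTS:
        findings.append("executable-extension")
    if data[:2] == b"MZ":  # Windows executables start with "MZ" whatever the name says
        findings.append("windows-executable-content")
    expected = DOC_MAGIC.get(ext)
    if expected and not data.startswith(expected):
        findings.append("content-does-not-match-extension")
    if ext in MACRO_EXTS:
        findings.append("macro-enabled-extension")
    if data.startswith(b"PK\x03\x04"):  # OOXML files are zip archives
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    findings.append("contains-vba-macros")
        except zipfile.BadZipFile:
            findings.append("malformed-archive")
    if data.startswith(b"\xd0\xcf\x11\xe0"):  # legacy binary Office (OLE) container
        findings.append("legacy-ole-format-may-hold-macros")
    return findings

def make_docx(with_macro):
    """Build a minimal constructed OOXML-like zip for the demo (not a real resume)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [("resume.pdf", b"%PDF-1.7"), ("resume.pdf.exe", b"MZ\x90\x00"),
               ("resume.docx", make_docx(True))]
    for name, data in samples:
        print(name, triage(name, data) or "no findings")
```

An empty result means only that none of these checks fired, so the attachment should still be opened on the dedicated VM with macros disabled.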
What about phishing for credentials?
There’s one scenario not addressed above: a hiring manager being phished for his/her credentials when attempting to view a link or attachment from a supposed resume submission. General phishing education should suffice here, but it doesn’t hurt to let your hiring managers know that they could be specifically targeted in this way due to the nature of their work.