May 15, 2019
Email is the most frequently reported initial point of compromise. In a recent HIMSS study, 59 percent reported that Email Phishing was the initial point of data compromise for all organizations surveyed, and 69 percent of incidents at hospitals.
Dan Reither, a 25-year data security veteran, leads our Podcast exploring email security strategies ranging from technical solutions, data loss prevention, and widespread education of your workforce to social engineering threats. As a strong believer in “deputizing” the workforce and vendor network on email security threats, notification and handling; Dan provides valuable insight to healthcare security managers. Dan is the Manager of Information Security for Health Partners Plans and Vice President of the ISC2 Philadelphia chapter.
Dan and Brian Selfridge, Partner with Meditology Services discuss email security trends and best practices including:
- A look at the evolution of email-attacks from basic phishing to
more sophisticated social engineering campaigns. As email security
has gotten stronger, there is a shift from taking advantage of
technical inefficiencies to more targeted, social engineering.
- A discussion of best practices for securing email platforms and
incident response approaches to reduce damage email attacks.
- An evaluation of security protections and technical solutions
to handle spam, AV, DLP, and phishing and their effectiveness in
different scenarios. A primary technical email security foundation
is a gateway and a phishing solution.
- Acknowledgement of the success that malicious actors are having with email-based attacks. Be sure you talk to your vendors and employees underscoring the importance of identifying and properly handling suspicious email activity. All employees across the organization should be “deputized” as security team members and viewed as the front line in detecting and handling email attacks.