Our partner Mimecast has shared their newest defenses against email threats – and what you need to do to ensure they are actively protecting your systems. Some of these steps may be somewhat complex to the non-Exchange Administrator. If you need help getting started, please contact us.
There are two areas on which Mimecast recommends you focus:
Improved Spoofed Email Defenses
Mimecast provides Inbound Lockout Policies to block spoofed email from being sent inbound to your organization. They recently made an enhancement to extend this protection from the envelope address (the actual sender of the email, used in the message transmission) to also include the header/display address. In order to take advantage of this protection, you will need to update your Inbound Lockout policies to use the new setting, keeping in mind that any exceptions (legitimate inbound emails that are spoofing your domain name) need to be added to a corresponding Exemption policy. As we have seen a rise in these type of spoofed email attempts recently, Mimecast specifically recommends:
- Reviewing your Inbound Lockout policies to ensure they cover all of your Internal domain names.
- Updating your Inbound Lockout policy (and corresponding Exception policy) and changing the “Applies From” field to "Both" to ensure it applies to both the envelope and header addresses.
The Rise (and Demise) of Malicious Word Macros
The use of malicious macros and other embedded code within Microsoft Office documents is on the rise. These types of advanced attacks are able to evade traditional anti-virus systems as they don’t actually contain any malicious content and only download it later once it’s opened. Mimecast has developed an add-on service called Targeted Threat Protection – Attachment Protect specifically to address this type of threat. This service offers the choice of attachment sandboxing or transcription of attachments to a safe file format in order to neutralize the threat.
If your law firm doesn't subscribe to the Targeted Threat Protection - Attachment Protect service, Mimecast offers the ability to control the macros that can enter your environment using Suspected Malware Policies. Enabling the “Scan for Microsoft Office Macros” within this policy will hold any email with a macro – note that this includes all such emails (depending on who the policy applies to) so there is a risk of false positives if your firm heavily relies on these types of documents.
Should you require any further information or assistance on these features, or are interested in more information about Mimecast’s Targeted Threat Protection, please contact us.