Why are so many companies still not protecting themselves from phishing attacks? [Video]
Email is far from dead. In fact, it’s the number one cyber attack vector. And yet, the majority of companies still haven’t put the mechanisms in place to protect themselves against email phishing attacks — specifically phishing attacks that use their exact domains.
Our VP of Communications, Dylan Tweney, explains why email is such a potent vector for attack in under 40 seconds.
So if we know that email is continuing to grow, and it’s a major weakness, and it’s where the people are, why are some companies still unprotected?
The simple answer: Protecting your email isn’t simple.
The basics of SPF, DKIM, and DMARC
There are three key mechanisms used to protect an organization’s domain from fraudulent use: SPF, DKIM, and DMARC. While three seems like a manageable number, each of these mechanisms come with its own set of obstacles.
For the rest of this to make sense, you probably need a basic understanding of the basic email authentication standards. Got that? Then read on.
SPF and DKIM were the first two standards, and are the foundation for a successful DMARC implementation. Both are managed in DNS, which means a lot of manual, tedious and error-prone work.
Our DNS expert, Steve Whittle, breaks down what makes implementation difficult in these two quick videos:
How DMARC eliminates spoofing on your domain
SPF and DKIM provide value individually, but DMARC is what pulls everything together and eliminates impersonation attacks using your domain. For DMARC to work, you’ll need at least SPF or DKIM to be implemented and functioning correctly. And you need to implement it to a policy of “enforcement.”
In order to do that confidently, and maintain this status, there are a lot of moving pieces. People often mistakenly approach DMARC implementation as a one time project, not an ongoing maintenance issue — and that’s exactly where they run into trouble.
In this next short video, Valimail product manager Gio Gujarati covers some of the common pitfalls for getting to enforcement.
Interested in learning more? Check out the full YouTube series, Why’s Up: Answering the “Why’s” of email authentication.
An easier path to DMARC implementation
And yes, this is a lot to absorb! If you’re completely uninterested in learning more about implementing email authentication, but still want to reap the benefits, Valimail’s automated anti-phishing platform can take care of it for you.
Get started today with a no-cost Domain Analysis to kick off your email authentication project.