17. Web and Email Security
Summary
Web browsing and email are the top ways computers get infected with malware, information is stolen, and data is breached. In this session, you’ll understand basic protection techniques for email and other communication methods.
There are simple steps you and your organization can take to protect email:
- Inventory of accounts - Personal & Business
- Know if your email information has been breached (haveibeenpwned.com)
- Use a standard format for your email addresses
Another step that protects both your email and your website domain is to make sure your provider uses the email authentication protocols SPF, DKIM, and DMARC. These make it harder for scammers to impersonate your domain and send phishing emails that look like they’re from you.
- **Sender Policy Framework (SPF)** tells external receiving email servers that your organization’s email servers are approved to send emails from your business’s domain name.
- DomainKeys Identified Mail (DKIM) adds a digital signature to your outgoing email so that external email servers can confirm that your email is from your domain.
- Domain-based Message Authentication, Reporting & Conformance (DMARC) verifies that the address the server uses matches the “from” address. It also tells external email servers what to do with potentially suspicious emails from your domain.
When you send an email from your organization using these security protocols, the receiving servers can confirm that you sent that email and not an imposter. If the email is not validated, the receiving servers can send an alert or block the email.
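The following is an added example, not part of the course material, of how a receiving server could combine SPF and DKIM results with a domain's published DMARC policy. The function names, the sample domains and records, and the two-label shortcut for the organizational domain are assumptions made for illustration; the `pct` tag and reporting are not modelled.

```python
# Added example: simplified DMARC evaluation on constructed data.

def parse_tags(record):
    """Parse a 'v=DMARC1; p=reject; ...' TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # Real receivers consult the Public Suffix List instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same org domain)."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(from_domain, spf_pass, mail_from_domain,
                      dkim_pass, dkim_d, dmarc_record):
    """Return 'pass', 'no-policy', or the published policy (none/quarantine/reject)."""
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1":
        return "no-policy"
    # SPF or DKIM only counts if it passed AND its domain matches the "From" domain.
    spf_ok = spf_pass and aligned(mail_from_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(dkim_d, from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags.get("p", "none")

# Constructed sample policy records for the placeholder domain example.com.
REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
STRICT = "v=DMARC1; p=quarantine; adkim=s; aspf=s"

if __name__ == "__main__":
    # Genuine mail: SPF passes for a subdomain, DKIM signed by example.com.
    print(dmarc_disposition("example.com", True, "mail.example.com", True, "example.com", REJECT))
    # Impersonation: SPF passes, but only for the sender's own unrelated domain.
    print(dmarc_disposition("example.com", True, "bulk-sender.test", False, None, REJECT))
```

The second call shows why SPF alone is not enough: the message passes SPF for an unrelated envelope domain, and only the DMARC alignment check ties that result back to the visible "from" address.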
See the FTC, Cybersecurity for Small Business, Email Authentication flyer for more details on web authentication security.
New terms
- Cookie: A small file that stores information for a Web site in order to capture the web site's state and information about the browsing session.
- Cache: The temporary storing of information and images from web pages to improve browsing efficiency.
Source: https://csrc.nist.gov/glossary/
Further research
- haveibeenpwned.com: https://haveibeenpwned.com/
- FTC, Cybersecurity for Small Business, Email Authentication flyer for more details: https://www.ftc.gov/system/files/attachments/email-authentication/cybersecurity_sb_email-authentication.pdf
- DMARC Overview: https://dmarc.org/overview/