GlobalCerts offers a wide range of cybersecurity consulting and engineering services to clients ranging from SMEs to large enterprises. Our focus is developing comprehensive, defense-in-depth approaches centered around our clients’ email security.
Cyber Security Consulting
No matter the size of your organization, developing and implementing a comprehensive cybersecurity program is more crucial now than ever. It seems that no one is immune to ransomware, and key to defending against this ever-growing epidemic is protecting against email-borne threats. GlobalCerts focuses on helping small and medium-sized organizations that regularly handle protected information but may not have the resources for a dedicated information security staff. We can help your organization with the following services:
- Risk Management: Develop a comprehensive risk management program for your organization, including in-depth risk analysis, threat modeling, developing a risk mitigation plan, and aligning your security controls with applicable frameworks and legal requirements.
- Information Security Plans: Many organizations require a simple, but comprehensive information security plan. This plan formalizes the strategy the business takes to mitigate risks to its information assets, users, and customers. It is an all-in-one type plan that encompasses several elements of a larger, more mature cybersecurity program specifically targeted for smaller organizations.
- Email Security Consultation: Analyze risks to your organization from email-related threats. We critically examine the organization’s entire email infrastructure and find the “dark corners” that may allow an attack to slip through. We examine email client security controls, account access and authorization, transmission of protected information via email, encryption in transit and at rest, data leak prevention strategies, and protections against spear-phishing and business email compromise (BEC).
Security Awareness Training
Even the best email security filters let about 10% of targeted attacks through to the end user. Your users are often the last line of defense in stopping an advanced adversary. They can either stop them in their tracks by reporting or deleting the email, or, all too often, they open the front door. From there, adversaries can move laterally within the organization to other computers, gain credentials, and take down the entire IT infrastructure via a ransomware attack. It’s no surprise that over 91% of successful data breaches start with a spear phishing attack.
Training your users to recognize and report suspicious activity or emails is a critical component in a layered security program. But all too often, security awareness training consists of death by PowerPoint. Outdated, boring slides that don’t connect with the user do little to help bring real behavioral changes. A more modern, interactive approach is needed to combat the increasingly clever adversaries.
GlobalCerts partners with KnowBe4, a leader in ‘new-school’ Security Awareness Training, to offer our customers an interactive and engaging approach to training. Your program is custom-tailored to your organization, taking into account the IT services used, your risk profile, and even its corporate culture. Through a combination of simulated phishing tests, formal training materials, and engaging games, we will develop a custom-tailored program that is relevant to your users, and strikes the perfect balance of information and fun/engagement.
Custom Email Engineering
The larger the organization, the more complicated the email flow and security requirements are. Often there are conflicting functionalities between the myriad security solutions in place which can counteract each other. Some of the services GlobalCerts offers include:
- Email Reputation: Implementing SPF and DKIM signatures across the entire organization’s email. The ultimate goal is to establish a DMARC reject policy to prevent bad actors from impersonating the organization’s domains.
- Custom S/MIME solutions: One of the most complicated components in email security is implementing S/MIME across the organization and its various trusted partners. Using our flagship email security solution, the SecureMail Gateway, organizations can leverage digital signatures and S/MIME encryption without burdening users and IT with managing certificates on individual users’ many devices. Centralizing these email security components also allows for easy administration, better management of 3rd party certificates, and integration with email signing and disclaimers that would otherwise invalidate client-based digital signatures.
- BIMI: On the forefront of email reputation is Brand Indicators for Message Identification, or BIMI. This emerging standard adds a company’s verified logo to the display of an email from that organization. A prerequisite to implementing this standard is implementing existing reputation mechanisms like DMARC.