SA businesses have a duty of care to protect themselves and clients from phishing
Cybersecurity threats are continuously on the increase, with 96% of phishing attacks delivered by email. A successful phishing attack leaves two victims in its wake: the person who falls for the requests or promises of the perpetrator and the company whose domain has been compromised.
Victim or not, a recent South African court judgement found that a company whose email domain had been compromised was to be held liable for not having a sufficient duty of care in place to warn its clients about potential compromises. While this duty of care is incredibly complex to fulfil, there are other solutions available to businesses that trade in trust to protect themselves and their clients from falling prey to phishing scammers.
“Phishing, spoofing, cloning, and impersonation are deceptive attacks on businesses and their customers, with the perpetrators being just about impossible to trace, identify and prosecute,” says Naeem Gabru, Group Chief Information Officer at Metrofile.
“That is why every South African business should take responsibility for implementing solutions that defend their email domains from attackers while identifying vulnerabilities so that they can be remedied. If every business contributed to building this cyber defence force for their email domains, the clients they interact with on email would be protected,” he adds.
IronTree, a Metrofile subsidiary, has partnered with Sendmarc, cybersecurity email protection and compliance experts, to implement its Domain-based Message Authentication, Reporting and Conformance (DMARC) across Metrofile’s email domains. DMARC protection means that a receiving email server rejects non-DMARC-compliant email. This protection makes sure that every email that purports to be from a business’s domain is the real thing, and alerts both the domain that has been compromised and the targeted receiver that something is amiss.
“With 16 email domains in our realm, it was clear to us that we needed to take pre-emptive steps to protect everyone that could potentially engage with these email domains across the group of companies,” says Gabru.
“The two-week installation process was seamless and straightforward, with IronTree and our hosting provider working closely to implement this additional control to our email security,” he adds. “Domains were then monitored and configured, during which time authorised sending servers were defined. DMARC was then optimised, with full compliance reporting and certification following that process.
“Having the support of IronTree and Sendmarc via a managed service contract means that our in-house teams can focus on their tasks and that they can leave specialised email security issues to the experts while monitoring trends on the Sendmarc dashboard,” he says.
“Our domains are fully compliant with constant monitoring for any non-compliant senders, which are immediately investigated and remediated,” Gabru says. “That means that our email domains, customers, suppliers, and employees that interact with us are protected from email impersonation-related cybercrime.