One of the interesting things about the Olympics is that every four years, they shine a light on many sports and athletes that otherwise go unnoticed. This year’s Winter Olympics are in full swing in Sochi, Russia, and are shining a light on a subject entirely different from sport: security.
With terrorist threats high, Russia has taken unprecedented measures to ensure the safety of those participating in and watching the Games. Thirty thousand police officers have descended on this sleepy summer resort. Russian visitors must park their cars outside a fortified zone. You can’t even buy snake venom.
All of this expense is a reminder of the price people are willing to pay to feel safe. But the Olympics are a global event experienced by millions of people outside those able to attend in person. These fans consume the games digitally through their televisions and, more than ever before, through Internet-connected devices.
So while billions of dollars and thousands of man hours are being used to prevent physical threats, what is often forgotten in the media hoopla is the damage that can be done from miles away with the click of a mouse.
Cyber attacks are real. Thankfully, they do not result in lost lives, but they do result in lost livelihoods (which obviously pales in comparison to loss of life). One of the most common forms of cybercrime is the phishing attack, in which an attacker acquires confidential information through electronic communication by pretending to be a trustworthy entity.
More than 144 billion emails are sent every day with a large portion of those being vital transactional emails sent from businesses across the world. By sending emails pretending to be event updates and insight, cyber criminals capitalize on the widespread interest in the Winter Olympics to inject malware or malicious downloads onto company servers.
This probably sounds scary, but it doesn’t have to be. To stop phishing attacks you don’t need an army or billions of dollars. You just need to be diligent.
Where To Begin?
Dyn’s David Grange, Director of Operations and Client Services (EMEA), has a few pieces of advice that can make a huge difference.
To avoid becoming the victim of an Olympic (or any type of) phishing scam, David recommends a few things that businesses should consider:
- Advising their employees to check links before clicking by hovering over them, or holding them down for a few seconds on smartphones
- Encouraging employees to go to websites directly in their web browser rather than clicking a link from a suspicious email
- Evaluating their email security and considering strengthening their defenses with technologies such as SPF, DKIM, and DMARC
Those last three are acronyms you’d be wise to become familiar with. Domain-based Message Authentication, Reporting & Conformance (DMARC) offers up a new way of authenticating email delivery by using the DNS.
While DNS is typically associated with keeping websites performing fast and preventing downtime, it can also play a huge role in preventing phishing attacks. DMARC standardizes how email receivers perform authentication by using Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). These two technologies both store their records in DNS.
If the email that arrives does not pass this validation process, the receiver then knows to junk or reject the email, avoiding harmful messages. This method eliminates the guesswork and ensures every step along the email delivery chain is secured.
Talking about security is not meant to be a scare tactic. In reality, as a cybercrime threat, the Olympics are probably no more dangerous than any other big event. However, security is important and it needs to be discussed. To protect yourself you don’t need to spend astronomical sums or buy the latest and greatest gadgets. No, the best way to ensure safety is to be diligent.
And that diligence shouldn’t happen every four years. It should happen daily.