An email from an attorney can invoke a sense of urgency or even panic in the recipient, and that is exactly why cybercriminals often pretend to be lawyers or law firms by spoofing the email addresses and domains of real firms. For a legal service provider, it is of the utmost importance that documents and sensitive client information are handled with care. Since clients put sensitive information in the hands of their legal advisors, establishing trust between your organization and your client base is vital. A phishing email that appears to come from your organization and exploits your company’s email domain can damage that established trust, as well as cause financial loss or privacy violations. How would your clients and business partners feel if they learned of a phishing attack leveraging your unprotected domain that could have been prevented by using DMARC? Enforcing DMARC will improve confidence in your online brand by helping to ensure that clients and partners only receive emails that authentically come from you, increasing email deliverability and enabling streamlined communication. Let’s get started.
Many legal services are spoofed online without their knowledge. DMARC addresses this not only by providing visibility into active threats using your domains, but also by giving you the ability to stop them. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email validation system that helps organizations monitor, quarantine and block brand impersonation attempts such as email spoofs and phishing scams. DMARC builds on the existing email authentication techniques SPF and DKIM to strengthen your domain’s fortifications against fraudulent use. By publishing a DMARC record in their DNS, domain owners gain insight into who is sending email on their behalf. Some of these senders will be trusted third-party vendors that your organization works with, such as Salesforce, Marketo or NetSuite. However, if you find malicious, unauthorized actors presenting themselves as you, DMARC gives your organization the ability to have their mail blocked.
DMARC helps your organization secure email communications by providing greater visibility into cyber threats. Additionally, DMARC provides the following benefits:
Online brand protection:
No matter the size or scope of your organization, cybercriminals will attempt to impersonate your domain and online presence for malicious purposes. DMARC protects your brand’s integrity by keeping your organization out of their arsenal of easily spoof-able email domains.
Increased email deliverability:
Even legitimate emails can end up in spam folders and email quarantines by mistake, which can be problematic when emails contain important, time-sensitive or private information. DMARC serves as extra proof that emails from your organization are legitimate, increasing deliverability to the inbox while also knocking out fraudulent mail.
A published policy that instructs ISPs and other email receivers to deliver, quarantine, or delete emails:
With DMARC, you can decide whether potential abuses of your email domain are solely reported back to you without further action, quarantined for further review or automatically deleted. The gold-standard DMARC policy is “p=reject,” meaning all illegitimate or unapproved uses of your email domain are automatically rejected through DMARC enforcement.
Greater visibility into cyber threats:
DMARC’s reporting capability enables you to monitor all authorized third parties that send emails on your behalf, alongside those that are not authorized. This helps ensure compliance with security best practices and aids investigations into email security or phishing issues.
Email is as vulnerable as it is vital. While we rely on it for borderless personal and professional communication, cybercriminals rely on it to carry out their crimes. Such is the challenge with inherently open communications systems. The very traits that have made email ubiquitous also contribute to its vulnerabilities; because it is so easy to set up, it’s easy for cybercriminals to create an email account and send mail that appears to be from an organization’s legitimate domains. 91% of cyberattacks start with a phishing email, and many of the world’s most revered legal services organizations have been exploited to carry out these attacks. The last thing any organization wants is for their brand to be used in fraudulent activity, especially when it could have been prevented by applying stricter security standards like DMARC.
The good news: Legal is ahead of other industries when it comes to using DMARC, with 18% of the top 100 accredited law firms globally adopting a DMARC policy set to either “quarantine” or “reject.” The bad news, however, is that that number should be a lot higher. Given that at least 25% of law firms have been targeted by cybercriminals, it is cause for concern that 43% of these top 100 legal organizations have not adopted a DMARC policy at all, leaving them vulnerable to email-borne impersonation attacks. Cybercriminals know that individuals are likely to reply to an attorney because of the sense of seriousness and urgency invoked by a legal institution requesting sensitive data or payments, or issuing notice of forthcoming legal action. If an unsuspecting client or business associate of your law firm falls for the trap, having put their trust in what they believe to be a communication from your firm, important information or payments can be intercepted by a malicious actor. This is a significant problem for both the client and the reputation of your firm.
Every year, $500 million is lost as a direct result of phishing attacks globally. Dealing with phishing attacks costs the average 10,000-employee company $3.7 million per year. As phishing scams continue to increase in their frequency and inflicted damage, it’s important that organizations fortify themselves against being exploited in all types of phishing attacks. Business email compromise (BEC) attacks are a type of phishing scam. In a BEC attack, a cybercriminal might impersonate a partner or lawyer and send deceptive emails requesting wire transfers or other sensitive information. DMARC helps combat inbound threats like BEC attacks, where the attacker sends an email whose ‘from’ address appears to originate from a trusted business partner. If the email fails DMARC, as it should when the spoofed domain publishes an enforcing policy, the fraudulent message is not even delivered.
By now you’ve seen why DMARC compliance on both the domain owner and email receiver side is necessary to protect your legal organization. But how do you implement DMARC? Though DMARC is a key part of any email security program, it is not a standard that can be deployed, configured, activated and then forgotten. To correctly implement and then leverage your investment in DMARC, domain owners must complete a series of steps: collecting all owned domains, identifying the authorized third-party services using your domain legitimately, configuring those services from an SPF and DKIM perspective, and publishing a DMARC record (try our DMARC Record Generator). It’s of the utmost importance that, even after you have set your DMARC policy (“p=reject,” if you want the gold standard), your organization establishes a program of ongoing monitoring, as the online threat landscape is perpetually evolving. In 2020, Mimecast embarked on our own journey to enforce DMARC across all of our owned domains. The project was documented in a three-part blog series for other organizations to use as a resource.
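As an added example (not code from Mimecast or from the blog series mentioned above), the following Python simulates how a receiving mail server applies the policy options described earlier (p=none, quarantine, reject) on top of SPF and DKIM alignment. The DMARC records, domain names (examplefirm.example, vendor.example, bad-actor.example) and the three message scenarios are all constructed for illustration.

```python
"""Simulate the DMARC check a receiving mail server performs (added example, not
Mimecast's tooling; the records, domains and scenarios below are constructed)."""

def parse_dmarc(txt):
    """Parse a DMARC TXT record like 'v=DMARC1; p=reject; rua=mailto:...' into tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record: %r" % txt)
    return tags

def org_domain(domain):
    """Crude organizational domain (last two labels); real receivers use the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts subdomains."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """DMARC passes when SPF or DKIM passes AND that identifier aligns with the visible
    From: domain; otherwise the domain owner's published policy decides the outcome."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]  # 'none' (report only), 'quarantine' or 'reject'

# Constructed records: monitoring-only versus the enforcing "gold standard" policy.
MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@examplefirm.example"
ENFORCE = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@examplefirm.example"
FIRM = "examplefirm.example"  # the firm's visible From: domain (constructed)

def scenarios(record):
    """Run three constructed messages through a policy and return each disposition."""
    return {
        # Firm's own server: SPF passes for the firm's domain and DKIM is signed by it.
        "legitimate": dmarc_disposition(record, FIRM, True, FIRM, True, FIRM),
        # Authorized vendor sending from its own domain but DKIM-signing with a firm subdomain.
        "vendor": dmarc_disposition(record, FIRM, False, "vendor.example", True, "news." + FIRM),
        # Spoofer forges From: examplefirm.example; SPF only passes for the spoofer's own domain.
        "spoofed": dmarc_disposition(record, FIRM, True, "bad-actor.example", False, ""),
    }
```

Running `scenarios(MONITOR)` shows why a p=none record only reports the spoof, while `scenarios(ENFORCE)` rejects it and still passes the firm's own mail and its authorized vendor.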