Managed.IT issue 67

24 01732 759725 CONTACT CENTRE/EMAIL Airey adds that it also assists UK Power Networks with call volume forecasting and staffing levels. “We refer to the historic data regularly to help inform our forecasts. When storms damage the electricity network causing widespread power cuts calls can increase quite drastically, from 1,500-2,000 to 35,000-40,000. The ‘special events’ tag in Calabrio is very useful as we can use that to forecast and exclude or use that data to build our next forecast. For us, it’s so useful.” By prioritising the wellbeing of agents and vulnerable customers, Calabrio is enhancing UK Power Networks’ ability to weather any storm. www.calabrio.com The number one DMARC mistake – and why you must avoid it Gerasim Hovhannisyan, CEO and co-founder of EasyDMARC, warns that organisations are compromising their phishing defences by failing to implement DMARC correctly Email authentication mandates for bulk senders from platforms like Google, Yahoo and Microsoft have powered a surge in the adoption of email security protocols like Domain-based Message Authentication, Reporting and Conformance (DMARC). The question is: How much of this is truly about protecting against phishing and how much is merely compliance box-ticking in order to move on with business as usual? DMARC, while undeniably a powerful tool for email authentication, is not a silver bullet. Its efficiency in blocking malicious emails depends heavily on proper implementation and not all organisations are utilising DMARC to its full potential. Our research in sectors most vulnerable to cyber threats shows that despite the staggering rise in phishing scams, the most effective DMARC policy – p=reject – remains severely underutilised. Even if some companies think they’re protected, the reality is they are still vulnerable to phishing attacks. p=reject: the ultimate and underused defence The p=reject policy is a critical component of DMARC implementation and phishing protections. This policy instructs email servers to automatically reject any message that fails DMARC authentication, effectively preventing potentially malicious emails from ever reaching the recipient’s inbox. Many organisations with DMARC in place remain committed to less stringent policies because they don’t realise p=reject’s importance. Our research shows very low levels of p=reject adoption by organisations such as healthcare providers (20% adoption), top manufacturing companies (19%) and retailers (35%). These numbers indicate a significant gap between DMARC adoption and the implementation of its most important policy. The reasons for this gap could be rooted in misconceptions about DMARC’s capabilities, such as the fear of legitimate emails being mistakenly blocked. The implications of incomplete DMARC implementation The reluctance to adopt p=reject represents a concerning trend because it leaves a door open for phishing emails to slip through, placing organisations, their customers and stakeholders at risk. While monitoring for malicious content and leaving the decision to reject to email recipients might seem safer and easier, it places an unnecessary burden on recipients and increases the risk of successful phishing attacks. p=reject reduces this risk by taking the monitoring out of the hands of recipients, acting as a first line of defence against attacks. Without the full implementation of DMARC, particularly the p=reject policy, organisations are only partially protected. This incomplete defence strategy can be compared to installing a security system but leaving one of the doors unlocked. It instills a false sense of security that can have harmful consequences. The way forward, beyond compliance To truly benefit from DMARC, organisations must move beyond simply meeting compliance requirements and towards a comprehensive adoption of DMARC policies. The p=reject policy should be seen not as an optional add-on but as an essential component of a complete email security strategy. All organisations, especially those in high-risk sectors that deal with sensitive customer and business data, like healthcare, manufacturing and retail, should be attuned to the critical importance of fully implementing DMARC. As cyber threats continue to evolve, the cost of underutilising such a powerful yet simple tool cannot be underestimated. Now is the time for organisations to take action and ensure their DMARC implementation is not just about compliance but about genuinely protecting themselves and their customers against cyber threats. Gerasim Hovhannisyan continued...

RkJQdWJsaXNoZXIy NDUxNDM=