Aussie cyber attack risks exposed

There are so many acronyms in the world today you’d be forgiven for being a little bit sick of them. Our messages are flooded with ASAPs, LOLs and FOMOs. Even COVID is an acronym. It’s short for COronaVIrus Disease. Sometimes it all gets a bit too much, but there’s one very important acronym you probably haven’t heard of – DMARC.

You don’t need to know what DMARC stands for or even remember the term, but the chances are it plays an important role in some part of your online security. And a new report suggests the inconsistent use of DMARC is leaving many large Aussie organisations vulnerable to cyber attack.

DMARC of strong security

DMARC, short for Domain-based Message Authentication, Reporting and Conformance, is an email protocol. There’s no need to remember the full term, which is probably just as well. I doubt I’ll be able to remember it tomorrow.

While there’s no need to remember it, there is a need to ensure it gets used to its fullest capacity. Doing so helps ensure high levels of security and reduces the risk of a cyber attack. But, according to New Zealand-based email security specialist SMX, inconsistent enforcement of DMARC is leaving many organisations open to attack.

The research done by SMX shows that it’s not just smaller companies falling short of the mark. Some of Australia and New Zealand’s largest public and private sector organisations have displayed these inconsistencies. 

What does this mean?

These inconsistencies mean those organisations are at higher risk of falling victim to spoofing, phishing scams, and other email-based cyber attacks. What many people do not realise is that a high proportion of cyber attacks are perpetrated through email, according to SMX. 

SMX chief security officer Jamie Callaghan said: “90 per cent of cyber attacks emanate from email.” Mr Callaghan said many company security policies tend to limit their focus to within the boundaries of the organisation. It is beyond those boundaries, in the space between organisations, that DMARC, used in the correct mode, can aid security.

“Cybersecurity tends to focus on protecting a corporate perimeter,” Mr Callaghan said. “DMARC in enforcement mode also protects the people and organisations you do business with, ensuring they continue to trust emails from your domain.”

This suggests that DMARC not only provides strong security, but enables organisations to identify each other as safe communicants.

The good news for Australians to come out of the SMX study is that “Australian federal government agencies are the most diligent in operating DMARC in enforcement mode.” Much more so than New Zealand government domains, which the study says are the least likely to be protected.

What does DMARC mean for ordinary Aussies?

In terms of the larger organisations – banks, insurance companies, etc – there’s probably not much you can do, other than ask if they’re using DMARC to its fullest extent.

However, Mr Callaghan pointed out that DMARC is useful for organisations of all sizes, large and small. He said putting DMARC into practice could be “surprisingly straightforward in a simple environment”. As such, he recommends that small business owners consult their IT support regarding the process.

Are you a small business owner? Have you discussed your level of security with your IT support team? Let us know via the comments section below.


Andrew Gigacz
Andrew has developed knowledge of the retirement landscape, including retirement income and government entitlements, as well as issues affecting older Australians moving into or living in retirement. He's an accomplished writer with a passion for health and human stories.