In our organization, we prioritize the security of our email communications to protect against potential threats. One of the measures we have implemented is blocking certain types of email attachments using a typical filtering rule (5.7.1). This rule helps prevent potentially harmful files from being delivered to users' inboxes.
Why We Block Certain Attachments
We block the following file types: HTML (.html), HTM (.htm), MSI (.msi), PS1 (.ps1), EXE (.exe), BAT (.bat), and COM (.com). These file types are commonly used to deliver malware and other malicious content. By blocking them, we reduce the risk of security breaches and protect our systems from potential harm. Harm, how? Each of these file types can run code when opened, and that code can then inject malicious software (malware) into our systems.
Emailing Prohibited File Types
Emailing these file types is strictly prohibited on our systems. We will not alter our systems in any way that weakens, circumvents, makes inferior, deletes, or halts this security filter. This measure is in place to ensure the highest level of security for our organization.
Rejection of Prohibited Emails
Emails containing these prohibited file types are rejected outright. This means that nothing is held or quarantined; the emails are essentially destroyed, rendering them unable to be released. This approach ensures that potentially harmful content does not reach our users.
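The rule described above (match the attachment extension, then reject rather than quarantine) can be sketched as follows. This is an added illustration, not our production filter: the function names, the sample addresses and the `550` reply code paired with status 5.7.1 are assumptions.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions listed in this article.
BLOCKED = {".html", ".htm", ".msi", ".ps1", ".exe", ".bat", ".com"}
# Assumption: 550 is used as the SMTP reply code alongside enhanced status 5.7.1.
REJECT = "550 5.7.1 Message rejected: prohibited attachment type ({})"

def normalized_ext(filename):
    """Return the last extension, lower-cased, ignoring trailing dots and spaces."""
    name = filename.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot >= 0 else ""

def check_message(raw_bytes):
    """Return None to accept, or the rejection line for the first blocked part."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    for part in msg.walk():
        # get_filename() reads Content-Disposition "filename" and falls back to
        # the Content-Type "name" parameter; body parts without a name are skipped.
        filename = part.get_filename()
        if filename:
            ext = normalized_ext(filename)
            if ext in BLOCKED:
                # Only the normalized extension goes into the reply, never the
                # sender-controlled filename itself.
                return REJECT.format(ext)
    return None

def build_sample(filename):
    """Constructed test message with one attachment (sample data, not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.org"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for name in ("notes.txt", "invoice.pdf.EXE", "setup.exe.", "page.HTM"):
        print(name, "->", check_message(build_sample(name)) or "accepted")
```

Because the check returns a rejection during delivery, nothing is stored for later release, which matches the no-quarantine behavior described above.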
Standardizing Bodies and Best Practices
Our approach aligns with recommendations from several standardizing bodies and organizations:
- National Institute of Standards and Technology (NIST): NIST provides guidelines for securing email systems, including recommendations for blocking potentially harmful attachments.
- International Organization for Standardization (ISO): ISO/IEC 27001 emphasizes the importance of information security management systems, which include measures for email security.
- Center for Internet Security (CIS): CIS Control 9 focuses on improving protections and detections of threats from email and web vectors, including blocking unnecessary file types.
- Financial Industry Regulatory Authority (FINRA): FINRA provides guidelines and regulations to protect against cybersecurity threats, including email security measures to prevent the transmission of harmful attachments.
- Securities and Exchange Commission (SEC): The SEC enforces regulations that require financial institutions to implement robust cybersecurity measures, including secure email practices.
- Payment Card Industry Data Security Standard (PCI DSS): PCI DSS sets standards for protecting cardholder data, which includes guidelines for secure email communications and the handling of sensitive information.
CISA Standards
The Cybersecurity and Infrastructure Security Agency (CISA) also provides guidance on enhancing email security. CISA's Binding Operational Directive 18-01 emphasizes the importance of email security measures, including blocking potentially harmful attachments to prevent phishing and malware attacks.
Alternative Solutions for Secure File Transmission
Secure File Transfer Protocol (SFTP): SFTP is a secure version of FTP that uses SSH to encrypt data during transfer. It ensures that files are transmitted securely over the network.
Web Distributed Authoring and Versioning (WebDAV): WebDAV extends HTTP to allow clients to perform remote web content authoring operations securely. It supports secure file transfers and collaboration.
Conclusion
By using these alternative solutions, you can securely transmit sensitive data and documents without relying on email attachments that could potentially execute harmful code. These methods align with industry best practices and help maintain the security and integrity of your data.