Case Study: Web & Email Security Assessment for a Travel Company
A travel company was constantly receiving a large volume of unsolicited email that flooded the company's mailbox and hurt staff productivity and communication with clients. They required a review of their website and server to mitigate the risk of a security breach.
The Challenge
To reduce the spam email being successfully delivered through forms on the official website, and to review the website's security configurations.
Our Approach
On the server side, we reviewed the server configuration and implemented spam filters, domain privacy protection, and DMARC enforcement. On the frontend, we implemented CAPTCHA challenges and obfuscated plaintext contact information. Finally, in addition to reducing the spam successfully delivered to the inbox, we conducted spam simulations and security awareness training for staff to mitigate the risk of breaches from unsolicited emails.
Key Results Achieved
- There was a significant reduction in the spam emails received, particularly from bad bots.
- Employees became aware of social engineering attacks and gained the necessary skills to identify phishing and scam emails.
- The company adopted a zero-trust approach to information security.
Key Terms
DMARC - Domain-based Message Authentication, Reporting and Conformance
CAPTCHA - A challenge-response test used to distinguish human users from bots
SETA - Security Education, Training, and Awareness
Obfuscation - Information-hiding technique
Config - Configuration