Recommendations for dealing with compromised partners

If email communication with the partner does not need to be maintained

In this case, we recommend that you block the affected partner domain completely and switch to other communication channels. See Creating a blocklist.

If e-mail communication with the partner is to be maintained at all costs

If communication by email is to continue in the event of a crisis, you must secure it as best as possible. To do this, implement the following recommendations for the partner domain:

Level of Trust

Set the trust level for the affected partner domain fixed to 0. Proceed as follows:

  1. Go to Identities > Partners > Partners.
  2. Double-click the affected domain.
  3. Stay on the Domain entry tab and under Trust, click Edit.
  4. Set the trust level to 0 and select as type The level is fixed.
  5. Click Save and close and then Close dialogue.

URL Safeguard

Rewrite the URLs in emails for the affected domain and block access. Proceed as follows:

  1. Go to Identities > Partners > Partners.
  2. Double-click the affected domain.
  3. Stay on the Domain entry tab and under URL Safeguard, click Edit.
  4. For both trusted and untrusted emails, select Rewrite URLs and block access.
  5. (Recommended) Select the option Additionally rewrite hostnames.
  6. Click Save and close and then Close dialogue.

Content filter

We recommend that you build an "email firewall" for compromised partners using the content filter. This means that you prohibit all file types except for images, text and, if applicable, PDFs. See Configuring content filter sets.

Disclaimer

We recommend that you define a separate disclaimer for the partner concerned, informing them of the compromise and requesting them to contact the Helpdesk/IT Security in case of suspicious emails. Such a disclaimer creates awareness internally and can also be used to raise awareness of subtle scam attempts that do not want to foist malicious links or attachments.

Video: How to an Awareness Disclaimer (German only)