Photo: Hero Images via Getty Images

A Rapid7 audit of the Fortune 500 companies on a variety of security fronts finds that the firms are doing a pretty good job in reducing entry points for hackers, but a lousy job at email security.

The big picture: The key numbers from this study come from two tests. One measured each firm's exposure to the internet by tabulating the number of services an eager hacker might connect to. A second tested adoption of security against sending fraudulent emails in a firm's name.

The bad news: The findings show that 330 out of the Fortune 500 companies do not have computers set up to prevent sending fraudulent emails in a firm's name.

  • Email wasn't designed to check if the email address listed as the sender actually sent the message. For example, a bad guy could send an invoice that looks like an invoice from a company email address even without access to a company email account.
  • There is a free add-on security protocol known as DMARC that checks with a server if an email is authentic and prevents those scams. Only 170 of the Fortune 500 use DMARC and have it configured to prevent fake messages from reaching an inbox.
  • "These are the best resourced companies in the world. They could easily run DMARC," said Tod Beardsley of Rapid7.
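
The difference between publishing DMARC and having it configured to keep fake messages out of an inbox comes down to the policy tag in the domain's DMARC DNS record. The following is an added example, not part of the original article or Rapid7's audit; the domains and records are constructed samples, and the function names and status labels are assumptions.

```python
# Added example: classify a domain's DMARC TXT records by whether they block
# spoofed mail. Records below are constructed samples; a live check would
# query TXT at _dmarc.<domain>.
ENFORCING = {"quarantine", "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the first tag must be exactly v=DMARC1.
    if not parts or "".join(parts[0].split()) != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Map the TXT records found at _dmarc.<domain> to a status label."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if len(records) != 1:
        return "no-record"      # zero or several records: receivers apply no policy
    policy = records[0].get("p", "").lower()
    if policy not in ENFORCING:
        return "monitor-only"   # p=none or unusable p: spoofed mail is still delivered
    pct = records[0].get("pct", "100")
    if pct.isdigit() and int(pct) < 100:
        return "partial"        # policy applied to only a share of failing mail
    return "enforcing"

# Constructed sample data (hypothetical domains under example.com).
SAMPLES = {
    "a.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@a.example.com"],
    "b.example.com": ["v=DMARC1; p=none; rua=mailto:dmarc@b.example.com"],
    "c.example.com": ["v=DMARC1; p=quarantine; pct=25"],
    "d.example.com": ["v=spf1 -all"],
    "e.example.com": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def audit(samples):
    """Return {domain: status} for every domain in the sample set."""
    return {domain: classify(records) for domain, records in samples.items()}

if __name__ == "__main__":
    for domain, status in audit(SAMPLES).items():
        print(f"{domain:16} {status}")
```

Only the "enforcing" status corresponds to a domain that both uses DMARC and has it set to stop fake messages; "monitor-only" domains publish a record but still let spoofed mail through.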

The good news: Fortune 500 companies average only around 500 services exposed to the internet. And while 500 may seem like a lot, given the size of the companies, Beardsley says he was expecting more.

  • "500 is lower than I was expecting," he said. "And each only exposing 5–10 vulnerable services is lower than I was expecting."
  • The vulnerable networking protocol SMB was used to propagate the massive WannaCry malware in 2017.
  • "98% secure is pretty good. Clean up the last 2%, and we could prevent the next WannaCry," said Beardsley.
