Educate users about email threats

Unfortunately, unsolicited email and spam are not going anywhere. For most users, these types of emails are a nuisance, but for an IT administrator, spam can constitute a major security threat. More than 3% of spam contains some form of malware, but that doesn’t mean the remaining 97% is safe. Clicking a link in an email could redirect you to an infected website.

The 2013 Microsoft Security Intelligence Report states “More than 75 percent of the email messages sent over the Internet are unwanted. Not only does all this unwanted email tax recipients’ inboxes and the resources of email providers, but it also creates an environment in which emailed malware attacks and phishing attempts can proliferate.”

To put this in simple terms, all users need to pay attention to the emails that they receive on a daily basis. It takes just one spam email to cause numerous problems for your organization. A great way to reduce this risk is to ensure all users are aware of what emails they should look out for so that your network stays safe.

  • Don’t click a link in an email unless you are 100% certain that it is safe to do so. If there is even the slightest doubt, delete it immediately or send it to the Helpdesk.
  • Don’t open or respond to emails that look suspicious or unusual, or that appear to be from someone you don’t know and ask for personal or financial details.
  • Ignore attachments that you weren’t expecting, especially if you don’t know the sender. Many malicious attachments masquerade as Word documents or familiar file types, so check with your IT team if there is any doubt.
  • Check your spam folders regularly in case a legitimate email gets caught in the filter. Whitelist important email addresses so they won’t get filtered in the future.
  • Never give out personal details by email or fill in forms that pop up when you open an email as these will often be phishing attempts.
  • If you haven’t given your address to a business that emails you, do not open or interact with the message.
  • If you get a notice from a financial institution stating that you need to update your details or change your password, don’t follow the instructions, but go directly to the institution’s website and see if your account is in order. Financial institutions will never ask for these details over email.
  • If you think you might have opened an email with a malicious attachment or clicked on a malicious link, shut down your machine immediately and inform your IT department. They will then be able to isolate that machine from the network and run any necessary scans.
  • If you receive an emailed calendar invite from someone you don’t know, or one that looks suspicious, don’t accept it. If it is from a colleague who is not using a corporate email address, find out if it is real. In any case, delete the invite just to be certain.
  • Be careful when logging onto Wi-Fi networks, especially public ones. Always stick with trusted providers and avoid suspicious-sounding SSIDs. Hackers often spoof genuine SSIDs in order to steal passwords and user names.
  • Don’t use the same password for your work email account as your personal one.
  • Avoid posting your work email address in public forums, blogs and websites unless it is absolutely necessary. You will be making it too easy for hackers to get your address and use it for various spamming attacks.
  • Never download any software that has not been approved by your IT department. This could open a backdoor for hackers to gain access to your company’s network and use your computer as part of a botnet that will spew spam across the world.

If employees know what they should avoid, then many security issues should not occur. Sending out some security tips every now and then refreshes their memory and reminds them why security is so important.