We have shared messages about safe emailing in the past. It is a subject that never grows old, and we never run out of relevant tips to keep you safe..
Here we break email safety into 3 categories and explain some strategies within each category.
Block Bad Emails From Your Inbox
Identify Suspicious Emails In Your Inbox
Notifying IT of Suspicious Activity
Blocking Bad Emails From Your Inbox
Through hardware and software solutions you can prevent a large number of suspicious or malicious emails from being delivered to email inboxes in your organization.
Advanced Threat Detection software reviews every inbound email and not only scans it for suspicious content, but also looks at suspicious patterns and methods criminals use to socially engineer their way into your systems. These software solutions adapt and update regularly as the criminal adapt and change their ways of attacking your computers and network.
If you are not using and ATD (Advanced Threat Detection) system, then you are relying heavily on your staff to stay vigilant and updated on all the ways criminals try to trick you into clicking on the wrong link or make you think you are replying to someone you know.
Identify Suspicious Emails In Your Inbox
No software protection is 100% perfect, so you need to consistently remind and educate your staff on how to identify suspicious emails that do make it through your first layer of defence. Key things to look for when assessing your emails – and yes you should assess every email you get, even if it appears to come from someone you know!
Do not open attachments from unknown senders
Do not click suspicious links or links from unknown senders
Carefully verify the senders name and email address
Never email passwords and be cautious of "link to reset your password"
Consider these scenarios.
You receive an email from someone you know, with an attachment you were not expecting. What should you do?
Call the person on the phone or message them and ask about the email you received. If they validate they sent the email and can confirm the content of the attachment, then chances are it is safe. Do not reply to the email you received – call them or create a new email thread to ask for verification.
You receive an email from a social platform or online subscription you belong to requesting you click a link to reset your password. This could also be your bank or your Microsoft Account. What should you do?
If you attempted to access an account online and needed to rest your password, then the email is likely a legitimate way for you to reset your account. If you have not attempted to login and the email is unexpected, do not click the link. If you want to login and check your account, open a browser and login, do not use the link provided in the email.
You receive an odd request from someone you know. This could come in the form of asking you to buy gift cards for them, this is a common attack vector. What should you do?
Do not reply to the email you received. Upon closer inspection you will find that the email address is not legitimate and may look very similar to the correct email. Reach out to the friend or colleague by phone, text or a newly created email to enquire about the request.
Notifying IT Of Suspicious Activity
It is good practice to let someone in your IT Department, or your IT Service provider know when you receive a suspicious email. When they are aware of the attacks, they can make changes to the hardware and software solutions to further reduce the incoming emails. Reducing the threat of attacks is an ongoing process and is NOT a set and forget activity. The more you talk about and share your experiences with cyber attacks, the more informed everyone becomes, and the less chance there is of a successful attack.
If you are concerned about Email Safety and Email Security for your business, drop us a line and we can review your options. Hosting a training session for your staff is someone we can help with!
