Find Your
Email security isn’t something to be taken lightly. For many organizations, email is the most important communication channel. And if someone gains access to your account, it could open the door to any number of data breaches.
We have put together some Do’s and Don’ts when opening email campaigns to help you and your team protect your company.
We hope you find this helpful and if you have any questions please don’t hesitate to get in touch with a member of the NMBS Team.
Do’s
ALWAYS… check the email “from” field to validate the sender.
This “from” address can be easily spoofed. Spoofing is simply a means of disguising an email to make it look like it was sent from someone you know and trust. You can validate the sender by hovering your mouse over the “from” name field, which will then show you the actual email address of the sender. If the email address doesn’t match the person or company that believe sent the email, it’s likely a fraudulent email and should be marked as SPAM and deleted. Also, if the subject line or content in the body of an email makes you question why you received it, or why that particular individual sent it to you, then you should look more closely to confirm the sender before taking any action. It’s likely that person didn’t really send it to you.
ALWAYS… check for files with a “double extension”.
Although a text file named “safe.txt” is safe, a file called “safe.txt.exe” is not. The key is to closely look at the file name and extension to see it’s being disguised as something safe. If you ever receive an email with an attachment that you were not expecting, you should look closely at the file name of the attachment before ever deciding to open it.
ALWAYS… report suspicious emails to your Information Technology support team, or engage them for guidance before proceeding.
It’s very important for your IT department to be aware of suspicious activity so they can evaluate the email for potential threats, and also work to prevent malicious emails from entering the network in the future. It’s best to not simply forward the email, but to call your IT support team to make them aware of the situation so they can provide the proper guidance.
ALWAYS… look closely at website addresses (URL) that are included in an email.
Note that microsoft.com and www.support.microsoft.software are two different domain names (and only the first is real). Fraudulent websites can have domain names that look legitimate, but are actually created to trick you into believing they are. By visiting the spammers website, you’re giving them information about your geographic location (calculated based on your IP address), as well as your computer operating system and your browser. You also run the risk of the website infecting your computer with Malware. Bottom line, look closely at any URL and hyper link before clicking on them. If you suspect the website is fraudulent, you should contact your IT support team before just visiting the website.
Don’ts
DO NOT… open any email attachments that end with .exe, .scr, .bat, .com, or other executable files that you do not recognize.
You should also be very cautious about opening MS Word, MS Excel, and Adobe PDF files. There are several studies that show an increasing number of viruses and malware are being spread through these file types. Just about any email attachment can be malicious, so you need to be vigilant about opening email attachments. If you receive an email that you weren’t expecting, even from a person you know, you should be highly critical of whether it is legitimate, and take additional precautions.
DO NOT… ever click embedded hyperlinks within email messages without first hovering your mouse over them to see where they will take you.
By hovering over the hyperlink you will see the URL, which provides detailed information about network domain, website, or network location. If the URL doesn’t look like it will take you to the appropriate business, website, or Internet location that you would expect, then do NOT click on the link.
DO NOT… respond or reply to spam in any way.
Instead, use should mark the email as “SPAM” or “junk” in your email client, or work with your IT department to make adjustments to your SPAM filter to capture email from this sender in the future. If you don’t subscribe to an email SPAM filter, we recommend you incorporate one into your security practices going forward. They are sometimes included in your current email service at no additional cost, or can be purchased separately for a very low fee. A robust SPAM filter is a very inexpensive means of improving your overall security posture by minimizing the potential of threats being accomplished via email. It’s also great to help unclutter your inbox to allow you to focus on more important emails that require your attention.
DO NOT… “unsubscribe” – it’s easier to mark the email as “SPAM” or “Junk” than deal with the security risks associated with clicking on the “unsubscribe” link, or responding to an email.
There is certainly less risk if you know with a high level of certainty the email sender is trustworthy, but do you really want to take the chance?
All Members of the Team have an important Role to Play to protect your business
Email security isn’t just the email provider or administrator’s responsibility. It’s everybody’s responsibility. Here is a list of safety tips all mail server administrators should share with their users to help keep spam & malware to an absolute minimum:
- Change your password often.
- Use strong passwords.
- Never use a password that contains “password” or “letmein”. Use a different password for each of your accounts. If you use the same password for your bank account as you do for your email account, you become much more vulnerable to data theft.
- Don’t open an attachment unless you know who it is from & are expecting it. Be cautious about email messages that instruct you to enable macros before downloading Word or Excel attachments.
- Use anti-virus software on your local machine, and make sure it’s kept up-to-date with the latest virus definitions. If you receive an attachment from someone you don’t know, don’t open it. Delete it immediately.
- Learn how to recognize phishing
- Messages that contain threats to shut your account down
- Requests for personal information such as passwords or Social Security numbers
- Words like “Urgent” – false sense of urgency
- Forged email addresses
- Poor writing or bad grammar
- Hover your mouse over links before you click on them to see if the URL looks legitimate.
- Instead of clicking on links, open a new browser and manually type in the address.
- Don’t give your email address to sites you don’t trust.
- Don’t post your email address to public websites or forums. Spammers often scan these sites for email addresses.
- Understand that reputable businesses will never ask for personal information via email.
- Don’t send personal information in an email message.
- Don’t share passwords.
- Be sure to log out.
In many ways, your network is only as strong as its weakest link. Don’t be that weak link. In addition to the tools administrators use to keep unwanted threats out, user education is key to keeping your network secure.