new email security etiquette
DC the Computer guy
You might be wondering why we need New Email Security Etiquette. In a word, Phishing. Every week we have clients falling for these scams, and the cleanup process is not quick or easy. Aside from changing the passwords for everyone affected in the organization, tracking down the damage and where it spread takes time and affects productivity. Whether you’re a home user or a business user, we’re all getting spammed with phishing emails, and the malicious ones aren’t always obvious, even to the experts.
On top of this, an increase in successful Spear Phishing attacks has led to many of us getting emails from legitimate accounts owned by friends, colleagues, and business associates who have been hacked. This happens when email credentials are stolen, and the hacker sends malicious emails to everyone in the victim’s contact list. Because it’s a valid account, it looks familiar and won’t always be caught by spam filters, making it easier to catch us unaware and get us to click on malicious content.
Because these types of attacks are so successful, cybercriminals won’t stop. So it’s up to us to find new ways to beat them.
EMAIL SECURITY ETIQUETTE
Let’s talk about etiquette. In this case, we define it as a code of ethical behavior regarding practices among people that governs their dealings with others. Email Security Etiquette means communicating more effectively and securely for personal use and in the workplace. Following this line of thought, with some basic rules, you can stay secure no matter who is sending the emails.
Links and Attachments Etiquette
We all love to share via email, whether it’s a link to a funny video on YouTube or pictures of a puppy playing. In the business world, links to articles and attachments that include receipts and proposals are pretty common. We all get them, but that same commonality works against us and makes us less secure.
Basically, we’re used to clicking on links and opening attachments. That’s why cybercriminals attack us that way. They are literally attacking our habits.
In the old days, the etiquette used to be to mention the link or attachment in the email, so the recipient knew what to expect. Unfortunately, cybercriminals know this, and so they replicate it. To be secure, we should follow one simple rule of email etiquette:
Stop and Confirm. That means if you are not expecting a link or attachment in an email, regardless of who it is from, contact that person to make sure it’s legitimate.
It’s as simple as that.
And when you do confirm, don’t reply to the message – stop and either pick up the phone, send a text, or send a new email to confirm. Hacked email accounts often have rules set up with automated responses, so be wary if the response returns immediately. Taking these extra steps to stay secure will save you a lot of trouble in the long run.
General Email Security
Email is a lot less secure than most people think. You should always avoid sending sensitive information about yourself like passwords, financial information, or social security numbers through email. If anyone asks for this information, you should be suspicious. When you question it, legitimate businesses will either make it optional or provide you with a secure way of sharing this information. Cybercriminals will try to scare you into revealing it.
Cybercriminals and scammers are successful because they’re good at manufacturing a sense of urgency and using fear to get what they want. They want you to react before you think. If the wording in an email makes you feel uncomfortable, Stop and Confirm.
Anytime you get an email with an attachment for something that is not your job, always Stop and Confirm. I see client employees fall for this all the time. They open malicious attachments claiming to contain invoices or proposals that have nothing to do with their job responsibilities.
Cybercriminals and scammers use fake login pages to steal credentials all the time. If you click on a link that takes you to a login page, Stop and Confirm! Especially if you are not expecting the link. Faking a login box to look legitimate is remarkably easy.
Awareness and Best Practices
As I mentioned, cybercriminals attack us through email because so many people fall for it. The best way to avoid it is to Stop and Confirm. Being aware of the threats and following best practices with email is a great way to defeat phishing scams! Now, that you know how, it’s up to all of us to employ some effective Email Security Etiquette.
President And Owner
I left big business to start Clark Computer Services in 2003; not because I had a grand vision, but because I had three young children who needed their Dad around. Knowing I had to replace my salary, I went door-to-door visiting small businesses to introduce myself and ask if they needed IT support. I heard story after story from business owners and office managers about IT companies not returning calls and emails, grumpy technicians showing up late or not at all, and systems being down for days, weeks, and in some cases…months. I realized quickly that there was a clear and pressing need for reliable, honest, and professional IT support completed pleasantly and on time.