How Are You Handling Suspicious Emails?




Suspicious emails continue to present one of the biggest security threats to businesses and organizations. According to one research firm*, one out of every 100 emails is sent with malicious intent. That doesn’t sound like much, but consider how many emails your company receives in an average week. Then, keep in mind that it only takes one phishing or spoofing email to derail your entire business operations.

Victoria Rausch
Owner, Davik Consulting, Inc.

But first, what are phishing and spoofing emails? With phishing, an email might direct you to an external link, where you are asked to input your user name and password. These emails are fake, of course, and are created with the goal of obtaining your login credentials. Spoofing is a similar concept; these emails are designed to appear so legitimate that you are tricked into believing they are real. Then you give away important information, thinking you are communicating with your bank, another business, one of your vendors, or even a social media platform. For business owners, problems can arise when employees fall for these tactics.

With those ideas in mind, do you have an official policy on suspicious emails? If not, you’re not alone. Many companies have neglected to implement an email policy, mostly because they don’t know what a good email policy entails. No worries; that’s what we’re here for.

Filters. Many email programs provide filters to help reduce the number of suspicious emails. It’s important to remember that a phishing or spoofing email can sometimes get through these barriers, but filters do help significantly.

Labels. You can also adjust your settings so that incoming emails from outside the organization are marked “external”. This can help employees recognize potential threats before opening the email.

Education. The most important aspect of email management is employee training. When employees know how to spot suspicious emails, and what to do about them, you can slash your risk of an attack significantly.

Proxy servers. Using a proxy server can block access to known malicious sites.

Two-factor authentication. When offered, opt for two-factor authentication to protect login credentials. In the event that a hacker does obtain a username and password, he or she still can’t log into an account without the second key, which is usually sent to your phone or email.
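To make the “external” label described above concrete, here is an added example (not part of the original article, and not any mail product's own code) of how a mail gateway could decide which messages to tag. The domain `example.com`, the `[EXTERNAL]` tag text, and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: example.com stands in for the organization's own mail domain.
INTERNAL_DOMAINS = {"example.com"}
TAG = "[EXTERNAL]"

def sender_domain(msg):
    """Return the lower-cased domain of the From address, or "" if unparseable."""
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def is_external(msg):
    # Exact match only, so look-alike domains ("examp1e.com") and
    # prefix tricks ("example.com.mail.test") are still tagged.
    # A missing or malformed From header is treated as external too.
    return sender_domain(msg) not in INTERNAL_DOMAINS

def label(raw):
    """Parse a raw message and prefix Subject with TAG when the sender is external."""
    msg = message_from_string(raw, policy=policy.default)
    if is_external(msg):
        subject = str(msg.get("Subject", ""))
        if not subject.startswith(TAG):  # do not stack tags on replies
            del msg["Subject"]
            msg["Subject"] = f"{TAG} {subject}".strip()
    return msg

# Constructed sample messages (not real mail).
INTERNAL = "From: Alice <alice@example.com>\nSubject: Lunch\n\nHi\n"
LOOKALIKE = ('From: "example.com Payroll" <payroll@examp1e.com>\n'
             "Subject: Update your password\n\nClick here\n")
PREFIX_TRICK = "From: it@example.com.mail.test\nSubject: Reset\n\nbody\n"

if __name__ == "__main__":
    for raw in (INTERNAL, LOOKALIKE, PREFIX_TRICK):
        print(label(raw)["Subject"])
```

The label only reflects the address in the From header; it tells employees the message came from outside, not whether it is safe, which is why it works alongside filtering and training rather than replacing them.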

We can help you establish a solid email policy to deal with spoofing and phishing attacks. Call Davik Consulting at 888-RING-MY-TECH and we’ll be happy to answer your questions, assess your current security measures, and make recommendations to tighten up your protections.

* https://www.fireeye.com/content/dam/fireeye-www/offers/pdfs/pf/email/ig-it-only-takes-one-email.pdf