Your employees are an important line of defense in your organization’s fight against spam. Therefore, it is important to train and educate them in the following best practices:-
1. Don’t respond to spam
Don’t click on attachments in spam or junk mail out of curiosity because there is no going back once you do. Most malicious content (viruses, malware, worms, trojans) is usually programmed to be activated at the click of a button.
Additionally, just clicking on spam mail motivates spammers more. By responding to spam, you verify to spammers that your email address is valid. They will, in turn, send you more spam. Spam is not only unwanted but a potential threat to your data as well as your entire organization’s network.
2. Never send sensitive/private information via email
Legitimate companies will never ask you to send passwords, bank credentials, PIN numbers, login credentials, social security numbers, or any other important information via email.
3. Verify suspicious emails
Do not click on any links or download attachments from unfamiliar contacts, especially if the message sounds urgent but seems dubious. Some common spam email subjects contain words like request, payment, transfer, and urgent, among others. The end goal here is to trick employees into making quick decisions or release funds to fraudulent parties.
Entire internal networks have been brought down because somebody unknowingly opened a virus or malware and basically invited it into the system because it advertised a new and exciting job opportunity!
4. Use your work email address for work-related purposes only
Do not sign up for non-work-related mailing lists. If you do, you may be tempted to browse through the latest phone catalogs, shoes, cars, etc., during your working hours.
Even with the best spam filter, there is no way to completely eliminate spam. However, if you take appropriate measures to limit just how much junk mail gets through, you will maintain your high-productivity levels and reduce the risk of losing valuable time browsing sites that are not work-related.
5. Create backups
Have at least three copies of your critical data, and one of those copies should be off-site using a cloud backup solution from a trusted managed services provider (MSP).
6. Report suspicious emails
Collecting security data can be a daunting task. However, you may consider setting up a streamlined and centralized information gathering system through your IT team. This would be an avenue for your employees to report suspicious emails. Your IT team can then blacklist any sources deemed to be a threat.
7. Utilize application-specific or 2-factor (2FA) authentication passwords
To enhance your email security, train your employees to use application-specific passwords when accessing their email via third-party email clients such as Outlook, Thunderbird, etc.
An application-specific password is a unique autogenerated 16-character password for your account that’s used only for a specific program – for instance, your email, calendar, or contacts. Application-specific passwords let you sign-in to your account securely.
You can have an application-specific password for different devices e.g., your tablet, phone or laptop. This password is usually unique for each device. In the unfortunate event that your device gets lost/stolen, you can delete the specific password assigned to that device so that your email remains inaccessible on the lost/stolen device.
You do not have to worry about remembering your 16-character password. It is always saved on your device’s application once it is entered. This application-specific password is encrypted in storage and in transit; therefore, you do not have to worry about it being hacked.
Also, where possible, train your employees to use 2FA when accessing their email via a browser. 2FA verifies a user’s identity by requiring more than one credential to authorize access.
MailSafi’s email hosting solution supports two-factor authentication and application-specific passwords. MailSafi also offers gateway/cloud-based email spam filtering services. Contact us for more information or to register for our service.