Has anyone at your organization ever received an email that was not what they thought it would be? Maybe it was a message from a vendor looking to verify sensitive account information; a message from an accountant sending completed tax returns in the month of August; or, a note from what appears to be from your healthcare insurance company asking you to confirm your date of birth in order to process a claim?
If your organization utilizes email on a daily basis, you are likely one of the millions of businesses who has been targeted by a spam or “phishing” email message. Phishing messages are intended to fool the reader into believing the message is from a known entity they are familiar with and maybe even trust. They often masquerade as messages from business associates, social networking services, or online retailers. Such emails usually contain hyperlinks or attachments and aim to garner a few mouse clicks from you – to advertise a product or service, exploit resources on your network for their own use, or in the worst cases, to thieve confidential data.
A few quick checks may save you and your organization from security headaches or data loss:
- Contact: Do you recognize the sender’s name and email address?
- Context: Does the subject line and content of the message (with respect to the sender) have real-world context for you and your organization?
- Content: Does the message contain hyperlinks, attachments, or images? If so, and you are not sure whether you should click them, you may want to check with your IT team or Help Desk.
To help lessen the amount of unwanted emails ending up in your end-user’s Inboxes, implement a powerful spam filtering solution that scans each email to determine if the email is legitimate, or not. Also, provide end-user training to educate your workforce on the threat landscape. These two solutions, in addition to the "quick check" above can help reduce the risk spam emails can bring into your organization and are critical elements of network security.
Does your organization need to become more educated about phishing emails? If so, sign up to receive more information about Security Awareness Training by clicking on the button below.
Kyla Morse is a Network Engineer who has been with Systems Engineering (SE) for the last five years. On a daily basis, Kyla works closely with SE's clients to help design optimized network infrastructures, troubleshoot issues, and serve as an onsite engineering contact.