Illicit emails like spam and phishing attacks are something that people have to deal with on a daily basis. However, those who serve as email administrators don’t have the option of simply putting up with email-borne attacks. Email administrators are the ones tasked with stopping and containing malicious emails, and most realize that email security needs to be taken seriously.
Unfortunately, the one or two people who handle email responsibilities for your organization can’t be the only ones who take the email threat landscape seriously. Everyone in the organization needs to understand a few things when it comes to their email:
- What they can and cannot do with their work email
- What threats are out there
- The damage that these attacks can do and the ramifications for your organization
- How to identify these threats
- What your organization is doing to stop these threats
- What to do if they encounter an email-based attack
As the email administrator, part of your job is, or at least should be, educating your coworkers about all of these aspects of email security. For some, this is easy, but if you are more comfortable behind a wall of monitors than in a face-to-face conversation, it might be a difficult task. Understand, however, that if you are able to convey the seriousness of email security to your coworkers, you will be much more effective at your job. Here is how you can go about doing just that.
Use Policies as Support
Every organization should have some type of policy that dictates the use of email in the workplace. Some smaller companies don’t put this in writing because the rules are “understood” but this isn’t good enough. They need to be written down and people need to know what is expected of them. You may think that everyone knows that they can’t send off-color jokes or make inappropriate comments through email but it happens more often than it should.
With these policies in hand, you have the support of management and this will usually help open the door with your coworkers. Use this as a way to break the ice and lead into the meat of your discussion.
Show Others What Is At Risk
Before you start thinking about what you are going to use here: whatever you do, don’t exaggerate or use scare tactics. They rarely work with adults and can easily cause people to disregard what else you have to say.
Be honest about the threats and use specific examples; use examples from your industry if possible. These are easy to find using an Internet search.
Next, tie in how these threats affect them specifically. In a large organization, a multi-million dollar fine for a data breach may be written into a budget somewhere, but most small to medium-sized organizations simply can’t take that kind of hit without having to cut back somewhere.
Simply telling your coworkers that email threats are bad won’t buy you any credibility or win you any allies. Instead of general statements, tell them exactly how a virus can be sent using an email and what it can do. Show them how data can be leaked through an email message or how a spear-phisher can steal user credentials with a fake login screen or by including a link to a malicious website.
Finally, explain to them how to spot dangerous email messages and what they should do when they receive one. Go over your investigative process with them instead of just telling them that you will look into any suspicious emails. The more they understand about how things work, the more likely it is that they will see just how important it is for them to take this topic seriously.
Good email administrators understand that their users are often the last line of defense and that an educated user, coupled with a solid anti-spam filter, is the best defense you can have against email-based attacks. If one of these is ignored or not given enough support, then the organization is left open to an attack that could possibly have been avoided.