Technology Security Enduser EMAIL

85% of cyber intrusions start with a phishing email.

Confident, 精通技术的员工在忙碌的一天中也会心不在焉地点击链接，但他们不太可能做到这一点. 拥抱科技的员工更有可能识别出虚假信息，而不太可能点击它们.

对技术感到不舒服的员工会在他们的技术上遇到许多“意想不到的”问题. Staff who are comfortable and confident have fewer “accidents”, making it easier for them to recognize uncharacteristic behaviors.

Here are some good practices for your email. 

 

Clean out your mailbox.

What’s in your mailbox? Do you need it? Or is it just forgotten liability, waiting to happen?

Most of us have years’ worth of email in our mailboxes. Once we’re done with a message, we file it ‘just in case.“有时候，菠菜信誉线上平台可能需要回去查看一封旧邮件——但不是很经常. 您的IT团队有一个归档邮件的计划，以满足公共记录的要求.

In most cases, mail older than a couple of years is rarely needed. 考虑是否可以在一年或14个月后存档邮件，并在两到三年后删除它. 您的IT团队可以根据适合您的时间表帮助您利用邮件系统自动完成这一工作. If you do need that 6-year-old message for something, your helpdesk can arrange to retrieve a copy from the master archive.

 

Email was designed for communication, not for storage and filing.

菠菜信誉线上平台保存信息的另一个常见原因是，它们有对菠菜信誉线上平台很重要的附件. Store those attachments with your other files and get them out of the mailbox. Here are a few common scenarios in which files are “stored” in email:

“Someone emailed me this document, and it’s needed for a grant / purchasing file / other long-term need.”

如果你离开组织，你的邮箱被关闭，这些信息会发生什么呢? Will anyone know where to find it, if it still exists? 如果需要这些信息，则将其存储在与其他相关数据相同的位置. Save it to the same folder as the rest of the documents related to that grant. Upload the invoice to your finance system. Print the e-mail to PDF and store it with the rest of the related files. (We don’t recommend dragging it out of Outlook to your file system. .MSG files aren’t designed to be stored independent of your mailbox.)

“I do most of my work from my mailbox. I need my files where I can get to them.”

通过使用工具达到预期目的，您将从您的所有技术中获得最好的结果. Email is designed for sending and receiving messages. 使用它来存储和管理文件有点像“打电话和给自己留一个语音邮件”来管理你的待办事项列表，因为, after all, you always have your phone with you! 最重要的是，大约85%的网络破坏是通过钓鱼邮件发生的. That means in 4 out of 5 network incursions, what’s in your mailbox is the first thing that an attacker gets access to. Keep your files someplace safer. 邮箱中等待攻击者发现的东西越少越好.

Sensitive data should never be in email.

Is your e-mail encrypted? HIPAA-secure? Protected in some other way? 这些都是许多组织实施的非常棒的措施，以防止他们的电子邮件在互联网的开放通信路径上传播时被拦截.

它们都不能保护您的电子邮件免受攻击者获取您的密码. 如果数据在攻击者获取密码时存在于收件人的邮箱中，它们也不会保护这些数据.

Store sensitive information in secure locations. If someone else needs a copy, 使用安全的文件传输工具进行传输(您的帮助台可以告诉您在您的环境中推荐使用哪些工具). 从您的谷歌驱动器安全地共享，使用选项只与特定的人共享. When that work is done, remove the share. If that person’s e-mail is compromised a year from now, don’t leave your sensitive data vulnerable by leaving it shared forever.

Be suspicious of links, especially from people you know.

As malware has moved into the realm of professional, organized crime, the quality of malicious messages has improved significantly.

仅仅避免“可疑的”链接是不够的，菠菜信誉线上平台现在需要对甚至看似合法的链接保持警惕. Once an attacker has access to any account in your system, 他们可以做两件事:看看在你的环境中什么是“正常的”，并假装自己是组织内部的人. 此时，很容易向您发送一个熟悉的同事发来的链接.

When you receive links.

当你收到一封带有链接的邮件时，在点击前将鼠标悬停在该链接上. Depending on your environment, you’ll see the actual link displayed in a tooltip, at the bottom of your email window, or both.

• Check to see that the link matches the text.
• Look for tricks! 恶意行为者通常会做简单的替换(大写i [i]替换小写L [L]), for example) or minor changes (MyAccounting.com rather than MyAccountant.com) that are easy for a busy reader to miss.
• “When in doubt, throw it out.” If the link is legitimate, the sender can send it to you again.

If you’re uncertain, call the sender. Use a number from their web site, or one stored in your contacts – the one in the email itself may be a fake, manned by an accomplice.

When you send links.

First and foremost – send links, not files. It’s faster, easier on the recipient’s mailbox, 不会将您的数据留在他们的邮箱中，以便稍后被潜在的攻击者发现, and you have the opportunity to unshare it when your work is done.
无论你发送的是文件还是链接，都要让收件人很容易相信你是真正的你. Make the time to type an actual message. Rather than just “here’s the file I promised” – which, after all, 看起来很像恶意的信息——做一个明确的声明，让收件人清楚地知道他们收到了什么以及为什么.

“这是我在周二的员工会议上提到的信誉菠菜论坛早期儿童发展研究的数据分析”可以让收件人更好地确定他们收到了什么，以及为什么收到.

If you have to send obscure links, take a moment to explain them. For example, 许多邮件活动经理和活动注册网站会发送一个复杂的随机字符链接到你的“在这里注册”!” page. 这些链接旨在帮助跟踪和衡量营销目的的点击量. 但如果没有人点击它们，因为它们看起来可疑，那就没什么用了. Consider including a second link.

“Our event registration is done through ConstantContact. 如果你在注册链接上有任何问题，你也可以在constantcontact找到它.com/myaccount/myregistrationlink.”

In other words, 花点时间给你的收件人他们需要的东西，以评估你的链接，并确定它是值得信任的.

If you receive a suspicious message.

When we’re uncertain about a message, 菠菜信誉线上平台的第一直觉通常是将一份副本发送给一个值得信赖的顾问，他可以查看并指导菠菜信誉线上平台.

Please don’t.

这条信息的拷贝越多，就意味着有人更有可能点击该链接. If you receive a message that you’re uncertain of, your best options are:

1. If your organization has an automated reporting feature, use it! 这将提醒所有正确的人，并让您的邮件系统对您产生怀疑.
2. If automated reporting is not available to you, your tech team can look up a message by knowing its subject and time stamp. If you think the message may have gone out to others, 将该信息发送到您的帮助台，您的技术团队可能能够删除邮件服务器上的所有副本.
3. Delete. And Delete again. Delete it from your mailbox. Delete it from your deleted items. Make sure it’s gone.

But what if it’s legit and I really need it?

如果它是你确实需要的东西-发送者可以随时给你另一个副本. Give them a call and ask – you’ll be doing them a favor. Others probably deleted their message too, which means they haven’t reached people they intended to reach. 给他们一个机会，让他们意识到他们的信息看起来是怎样的，不仅会让他们以一种人们会接收的方式重新发送信息, it will also build their awareness, so their next message won’t get deleted by its recipient.

If you clicked on the link.

Call your helpdesk immediately. 而不是“在我完成这个任务之后”或者“明天我有时间和他们坐下来谈谈的时候”.” Now. 在恶意软件有机会在您的组织网络中站稳脚跟并影响到每个人之前.

Run a virus scan. Change your password, so the one the thieves just stole isn’t useful to them. 确保你所有的电脑都有防病毒软件保护——包括你口袋里的电脑. 大多数人忘记了智能手机也是电脑——一些恶意软件专门针对它们.

Speed is of the essence. It doesn’t take long for malware to spread. “Waiting until tomorrow” = “giving malware hours to spread.” The farther it spreads, the hard it is to rein in. 如果可能，关闭你的机器，直到你的技术团队可以确保它是安全的.