7) Sometimes, employees click on malicious links contained in emails. In case you have opened an email with a malicious attachment or clicked on what might have been a malicious link, immediately shut down your machine and inform IT. They will be able to isolate that machine from the network and carry out the necessary scans and remediation.
8) Compromised emailed calendar invites are a fairly recent threat. If you get one from someone you don't know or one that looks suspicious, don't accept it. If it is from a colleague but not using the corporate address, contact them to see if it is legitimate. In both cases, delete the invite so it can't cause any harm.
9) Be careful when using public Wi-Fi. Don't be tempted to log onto every bar or restaurant Wi-Fi network you come across. Avoid suspicious-sounding SSIDs. Hackers love to spoof genuine SSIDs to sniff traffic to steal passwords and user names.
10) Your company email account should be separate from your personal one. It goes without saying that you shouldn't use the same password for both and not use your personal email address as a way to store important work documents.
11) Don't post your work email address on forums, websites and blogs unless absolutely necessary. Hackers gather these addresses and use them for broad-based attacks and for spamming.
12) Do not download any software that has not been approved by the IT department. This could open a backdoor on your machine and used by hackers to gain access to the network or use your pc as part of a botnet, spewing out spam across the world.
A large number of security issues are avoidable if employees understand what they need to be aware of when it comes to email. As a practical tip, every organisation should circulate a few security tips regularly to refresh the employees memory and to remind the entire organisation that security is important.
- Sergio Galindo is general manager for GFI Software.
