T2021_07 Safety Tips When Using Corporate Email (25th March 2021)

Email scams and attacks continue to be increasingly harmful to organizations. Therefore, it is a general rule to avoid sending sensitive information via email. Below you will find tips both employers and employees alike can follow to ensure the safety of company information while communicating via email

  • Be sure of the sender- this may not mean that the email is spam or malicious but it would be wise to approach with caution. Look for red flags. Were you expecting an email from the source? Is the content in context with the service that you provide?
    There can be other red flags even if the email is a known contact so it is also advised to keep an eye out in case the sender’s account could have been compromised.
  • Avoid sending any sensitive information via email- When you send an email, you no longer have control over what is done with it or to whom it is forwarded. Sensitive information such as passwords, bank account numbers and social security numbers should never be sent via email.
  • Don’t take immediate action- Emails with malicious intent require action to achieve their task whether it be clicking a link or opening and downloading an attachment. A virus in an attachment cannot affect your computer unless you actually open the document. This even extends to “Unsubscribe” links. Many spammers will use a fake Unsubscribe link as bait for further malicious intent, such as taking you to a website that will infect your computer with viruses or cookies, or adding you to further communications lists.
  • Use a spam filter- Spam filters help you keep spam emails from your inbox or flag spam emails so that you are aware of them. Depending on the software and configuration, some spam filters can automatically eliminate junk emails and block web bugs that track your activity and system information.
  • Check known spam data centers- Some well know internet security vendors maintain a list of known spam email senders and their IP addresses. This can be a handy tool for using email safely, and verifying any email you have received that you think may be spam.
  • Use antivirus Software- It is important that you install and maintain an antivirus software to prevent infection.
  • Remember to log out- It is very important that you remember to log out of your email account especially if you’re using a public computer. This may save your account from unwanted trespassers.
  • Frequently change passwords and don’t share it with anyone- It's recommended to change passwords at least every 60 days. Use a mix of letters and numbers, as those passwords are harder to brute force. The password should not be easy to guess, a common mistake is to use the company's name in the password or something generic such as “1234” or “Password.” Never share your passwords with anyone.

The Guyana National CIRT recommends that users and administrators review these recommendations and implement where necessary.

PDF Download: Safety Tips When Using Corporate Email.pdf

References