The best email security comes through strategy and tactics

gosphotodesign - Fotolia


Educate users to avert email phishing attacks

Attackers work day and night thinking up new ways to bypass IT security. Educate users on ways to avoid email phishing attacks so you can rest easy.

Cybercriminals use more sophisticated and efficient email phishing methods to attack businesses, forcing IT teams...

to protect systems from frequent and costly data breaches and infections. But security tools aren't enough to stop advanced threats.

Ransomware and other malicious code often slip through the IT defensive perimeter -- despite IT's best efforts. Several recent attacks occurred when unsuspecting users clicked on a link or opened an email attachment that ran malicious code and infected the computer. IT departments use several tools to reduce these threats, but attackers shift tactics constantly, and not all security components can block every threat.

Don't rely on technology; take a more human approach to defend the business and educate users. These four critical steps will build a successful security culture and awareness within an organization.

Create a human security layer

Chief information security officers recognize that no single security initiative or measure will block every threat; those tactics exist to diminish the risks associated with an attack. Even with security tools, unsuspecting users could inadvertently give away credentials and cause a data breach.

To bolster protection, train and educate employees about lurking threats, which come in different flavors and different approaches. To prepare employees, teach them what to look for in phishing attempts and what to avoid in email messages. Some organizations make it mandatory or part of a yearly review to address security.

Perform regular security audits

To bolster protection, train and educate employees of lurking threats, which come in different flavors and different approaches.

IT performs audits to uncover security gaps within the environment. In addition to performing a technical audit, use a third-party service, such as KnowBe4, to send a fake spear phishing attempt via email to all users. The service then reports back to IT on who responded or clicked on the links. IT can give those employees additional training.

Open up feedback to collect and document new threats

With email attacks, cybercriminals pose as an employee or encourage the end user to open a document or link. As attack strategies continuously evolve, IT must keep up to date on new methods before it can devise a strategy to defend against them. Encourage users to self-report some email messages with a designated IT resource. This helps the organization catalog attack methods.

Provide frequent security reminders

Create regular reminders and routinely schedule lessons to ensure security remains top of mind for all end users. Build different security campaigns -- periodically send out newsletters and post videos that warn of recent threats and provide email security tips. This reminds users to be proactive to protect themselves from attacks.

Organizations implement security awareness to mitigate the risks of infections or data breaches that come with email attacks. No single security system will block all threats that arrive via email; end users that know what to look for are less likely to fall victim to an attack.

Next Steps

Train employees to ward off attacks

Test your Office 365 Advanced Threat Protection knowledge

Respond quickly to a malware attack

Dig Deeper on Exchange Server setup and troubleshooting