It’s difficult to imagine a workplace without email. Teams use email threads to organize and discuss tasks, and emails serve as memos to refer back to when policies change. Emails can be used to contact clients or to send out invoices. The reasons you would send an email are infinite, which is why your inbox is one of your organization’s biggest vulnerabilities. But can you really infect your entire system by simply double-clicking on an email?
The easy answer to this is no, and yes.
As long as your network is using updated software for your mail client, browsers, and operating system, simply opening the email should be safe. This is because software patches are responses to security holes and new vulnerabilities, so if you are running the latest patch, you should be safe. The actual text of the email is just that: harmless content. Previous security issues with email clients like Outlook meant that simply opening the email was enough to infect your computer, and if you have worked with email in the past, this is likely where the anxiety about opening mail and unleashing a network-killing virus comes from. This vulnerability was fixed, and most modern email clients won’t automatically open pictures found in messages because of the security risk involved in downloading them.
The real danger comes from attachments and links found in the message itself. In fact, viruses from attachments are a primary means for hackers to introduce malware into your system. Phishing attacks happen to thousands of users every day. Hackers can cast a wide net, or specifically target an individual user.
What can you do to keep your network safe?
Total network and email security starts with the user. As someone who uses a computer to communicate, collaborate, and process data, it is your responsibility to stay ahead of the game and understand the threats to you and your company’s network and how to fight them. Security Awareness Training is a great tool to arm you and your team against email attacks, but there is also a lot you can do to keep your company safe with the information you already have available. So the next time you receive an email that looks “funny,” ask yourself the following before opening that attachment or clicking on that link.
DO YOU TRUST THE SOURCE?
Look at the address the message was sent from. Is it someone that has sent you attachments? Do you recognize the address? Is it from someone you know? Attackers can change small parts of email addresses by adding a letter or two or an underscore, or by using slight spelling variations, to trick you into thinking the attachment came from a trusted source like a client or bank.
WHAT DID THEY SEND?
You should check the file type of any attachment before opening it. Viruses can be hidden in any extension except .txt; all others should be treated with caution.
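The two checks above (is the sender's address a near-miss of one you trust, and is the attachment anything other than .txt) can be automated by a mail administrator. The following is an added example, not part of the original article; the trusted domains, the edit-distance threshold of 2 and the sample message are constructed assumptions, and only the domain part of the address is compared.

```python
import os
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: domains this organisation normally receives mail from (constructed).
TRUSTED_DOMAINS = {"bank.example", "client.example"}

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits between a and b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a From header."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    for good in sorted(TRUSTED_DOMAINS):
        # One or two changed characters: "a letter or two, an underscore".
        if 0 < edit_distance(domain, good) <= 2:
            return "lookalike:" + good
    return "unknown"

def risky_attachments(msg):
    """List attachment filenames whose final extension is not .txt."""
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    return [n for n in names if os.path.splitext(n)[1].lower() != ".txt"]

def sample_message():
    """Constructed sample: lookalike sender plus two attachments."""
    msg = EmailMessage()
    msg["From"] = "Accounts <billing@bannk.example>"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment("meeting notes", filename="notes.txt")
    msg.add_attachment(b"\x00", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.exe")
    return msg

if __name__ == "__main__":
    m = sample_message()
    print(check_sender(m["From"]), risky_attachments(m))
```

A "lookalike" result is a reason to verify with the sender through another channel, not proof of an attack, and an "unknown" sender still deserves the questions in the rest of this list.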
Are you expecting an attachment?
It’s possible that you receive reports, invoices, and the like via email. But if you are contacted out of the blue by someone you don’t know and the email contains a file attachment you weren’t expecting, you will need to look a little deeper, and may even call the sender, or supposed sender, to make sure this was something that was truly sent by them.
What are your company’s network safety procedures?
If your company has more than a few users working on computers or if users work from home networks or use their own devices for work purposes, then it is likely that your company has established written network security procedures. Familiarize yourself with them or request to be trained on them because they are there for your safety and the safety of your company’s computer networks.