Email is a wonderful communication and productivity tool, and it is also a hacker’s paradise. Large school districts, government agencies, and major corporations, despite investing heavily in highly advanced security software and tools, have all fallen victim to disastrous attacks impacting the entire organization.
Here’s the deal – even the most sophisticated security software will not stop 100% of the bad email messages from entering your inbox. Once in a while, something will get through. At that point, it’s all up to you. You are our last and best line of defense; it’s critical that you be very suspicious about every email that contains links or attachments or asks for personal information. All it takes is one click on a malicious link or attachment; the results can be incredibly destructive to the entire organization.
Please accept a few suggestions on best practices you can use to stay vigilant and protect our critical data network from malicious attacks:
- Use a different password for each site. Longer, hard-to-guess passwords are best. Random words are okay. Don’t use personal data. If you have not changed your password in a long time, change it. Here are some tips for strong passwords. Use a password manager. Use Multi-Factor Authentication.
- Never open attachments or click on links received in an email from someone you do not know. Do not reply directly to the message. If you think it might be legit, verify the sender’s identity and intention via a separate email or a telephone call. Otherwise, simply delete the message.
- Be suspicious of all attachments and links even if the message appears to come from someone you know. Hackers can easily and very convincingly pretend to be someone else. If you were not expecting to receive something from that person, do not reply directly to the message. Validate the information with them via a separate email or a telephone call before accessing anything in the message.
- Preview all links before opening them by hovering your cursor over each link to see what specific URL will be accessed. Do not click on a link if you don’t recognize and trust the site.
- Never provide your account credentials or personal information via email. District 99, or any other company, will not ask for passwords or other personal information via email.
- If an email contains data entry fields or a link for you to log in to an account directly from within the message, do not log in. If you need to access an account, open your internet browser and go directly to the actual company website to log in there.
- If you encounter a pop-up window alerting you that your machine is infected with a virus or has some other problem that needs to be fixed, do not click on anything in the pop-up window, no matter how convincing or urgent it may sound. Contact someone on the tech support team.
- Finally, trust your gut instincts. Be suspicious. Malicious emails are often missing information, have misspellings, or just don’t seem right. If you are ever unsure whether or not an email message is legitimate or a scam, do not access anything in the message. Contact technology support in your building for assistance. When in doubt, simply delete the message; if it was truly legit and important, the sender will follow up.
Watch this security training video to explore email safety and security more deeply.