According to the 2015 Verizon Data Breach Investigations Report, among those who receive malicious emails, “23% of recipients now open phishing messages and 11% click on attachments.” Anyone who has been around information technology for any length of time knows that these numbers are the reason why malicious emails have become the cyber criminal’s tool of choice for gaining entry into a company’s network. The bad guys know that there is a high likelihood of success if they can convince someone in the company to click on a malicious link or download a malicious file attachment. Even someone with the least amount of privilege on a network can be a target, because once an account or asset is compromised, the attack can be escalated by a threat actor who knows what they are doing.
Email security software is used to prevent illicit emails from reaching users who may be convinced to click, download or hand over credentials. However, leaving the task of stopping phishing and spam to a small team of people who manage your email security software leaves out one of the best resources you have on hand when it comes to stopping threats: the end-user.
The value of training users on email security software
Unfortunately, too many people think that because their company has email security software in place, they are safe from the dangers of malicious emails. Good email security software is built on the understanding that this isn’t the case, so it will always have an option for users themselves to identify spam and phishing emails that may have slipped through its technical controls. Whether the user can flag an email as spam or add a sender to their blacklist, it is important that they are involved in the process, because they are the ones who are receiving these emails. However, it is just as important that your users receive proper training on your email security software: if they are left to figure things out on their own, they may leave themselves vulnerable or wind up blocking legitimate email messages by mistake.
Address the basics first
Before you begin teaching your users how to use the different features of your email security software, they should learn how to spot a malicious email. Train them in the different tactics used by threat actors and keep them apprised of trends used to bypass email security software. They don’t need to become cyber-security experts but they should understand that identifying spam has moved beyond looking for emails with misspelled words and poor grammar.
Once your users know what to look for, start teaching them how to use the features in your email security software that will help shore up your company’s defenses. Teach them how to report a message that is illegitimate, show them how to add senders to a blacklist and train them on who they should whitelist. Once they are competent in these skills, revisit your training frequently so that these skills do not become stale.
Knowledgeable end-users are the perfect complement to your email security software, but only if that software leverages them the right way. Click here for a free demo of how Sendio’s offerings make use of your users and their ability to fight back against email threats.