An executive recently wrote me, “I got a virus that infected our network because I opened an e-mail message from someone I didn’t recognize – I’ll never do that again!”
While that strategy may help somewhat, it is far from a reliable way to protect your network. First of all, without some technical detective work, a non-IT professional usually cannot tell who an e-mail really came from anyway. You may get an e-mail from a cybercriminal who uses “spoofing” to make the message appear to come from your best friend, your bank, the FTC, or anyone else.
Better protection comes from scanning tools running at one or more locations including your e-mail server, your firewall, your spam filter, and the anti-virus client on your local machine.
Training users “not to open e-mail from strangers” is a moot point if your user is supposed to open e-mail messages from prospects interested in your company’s products and/or services. There is some training that matters though…
Train your users to NEVER click on a link in an e-mail message. The visible link text may tell the user, “click here to read an important announcement about your future employment at this company,” while the address underneath takes the user to “hose the network now dot com.”
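To make that gap between the visible text and the real destination concrete, here is an added example (not part of the original post) that pulls every link out of an HTML e-mail body and flags the ones whose displayed text names a different domain than the address they actually point to. The e-mail body, the domain names and the function names are all constructed for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of an HTML e-mail body (not a real message).
SAMPLE_EMAIL_HTML = """
<p>Please <a href="http://notice.payroll-update.example/login">click here</a>
to read an important announcement about your future employment.</p>
<p>Or log in at <a href="http://www.yourbank.example.net/account">www.yourbank.com</a>.</p>
<p>Questions? <a href="mailto:hr@example.com">hr@example.com</a></p>
<p>Policy: <a href="https://intranet.example.com/policy">https://intranet.example.com/policy</a></p>
"""

class LinkExtractor(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element in the body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None   # href of the <a> currently open, if any
        self._text = []     # text fragments seen inside that <a>
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    return parser.links

def registrable_domain(host):
    # Crude "last two labels" approximation; a public-suffix list would be more accurate.
    return ".".join(host.lower().split(".")[-2:])

def find_misleading_links(html):
    """Return (text, href) pairs whose visible text names a domain other than the real target."""
    flagged = []
    for text, href in extract_links(html):
        target = urlparse(href)
        if target.scheme not in ("http", "https"):
            continue  # mailto:, tel: and similar have no web host to compare against
        shown = urlparse(text if "://" in text else "http://" + text).hostname or ""
        if "." in shown and registrable_domain(shown) != registrable_domain(target.hostname or ""):
            flagged.append((text, href))
    return flagged
```

Note that the “click here” link is not flagged, because plain wording gives the checker nothing to compare against the real address; that is exactly why the rule for users is to never click, rather than to judge links by their text.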
Also train the users to never send out any private information in an e-mail message or attachment. The message can be misaddressed, intercepted or forwarded to the wrong person. If something is private, it needs to be encrypted using an effective encryption method. In another blog entry I addressed data loss prevention tools that can even help identify these messages and stop them before they leave your organization.
If your executives or other users use the strategy of “not opening mail from someone they don’t know,” that is a red flag alerting you to a problem you can resolve ASAP.