Email security: The threat is real

Published Sept. 22, 2015
By Tim Childers
Chief, Hill AFB Information Assurance

HILL AIR FORCE BASE, Utah -- When we hear the word security, many of us think of physical security such as don't talk to or open the door for a stranger because it could lead to trouble. Why though do many not apply that same wisdom to cybersecurity? Why do we open email, engage in email conversations, and click on internet links from strangers? Maybe it's because we don't perceive the threat as being real; however, when you forgo email security, you are opening the door to trouble. Below are some email security tips to heighten your cybersecurity awareness.

Tips about email use

Your organization requires that you agree with the following terms of use before accessing your email. Email use must not adversely affect performance of your role or reflect poorly on your organization.

To use email appropriately:
· Do not use email to sell anything
· Do not send:
  · Chain letters
  · Offensive letters
  · Mass emails
  · Jokes
  · Unnecessary Pictures
  · Inspirational stories
· Avoid using "Reply All" to prevent sending unnecessary email traffic
· Only make personal use of email if allowed by your organization
· Prevent viruses and downloading of malicious code:
  · View email in plain text and don't view email in Preview Pane
  · Use caution when opening email: Look for digital signatures if your organization uses them. Digitally signed emails are more secure.
  · Scan all attachments
  · Delete email from senders you do not know
  · Don't email infected files to anyone
  · Don't access Websites in email or popups

Follow your organization's policy on webmail (a web-based service that checks email remotely). If webmail is allowed, use caution as it may bypass built-in security features and other safeguards, such as encryption, and thus may compromise security.

Tips about internet hoaxes

Internet hoaxes:
· Clog networks
· Slow down Internet and email services
· Can be a part of a distributed denial of service attack

To protect against Internet hoaxes:
· Use online sites to confirm or expose potential hoaxes
· Don't forward email hoaxes
· Follow your organization's policies on loading files onto workstations and laptops

Tips about phishing

Phishing attempts use suspicious emails or pop-ups that:
· Claim to be from your military service, government organization, Internet service provider, bank, or other plausible sender
· Direct you to a Website that looks real
· Claim that you must update or validate information
· Threaten dire consequences

Assume all unsolicited information requests are phishing attempts and follow your organization's IT security policies and guidelines.

To protect against phishing:
· Do not access sites by selecting links in emails or pop-up messages. Type the address or use bookmarks.
· Contact the organization using a telephone number you know to be legitimate if you are suspicious of a link or attachment
· Delete the email or forward to your security POC
· Report emails requesting personal information to your security POC or help desk
· Look for digital signatures
· Never give out organizational, personal, or financial information to anyone by email
· Avoid sites with expired certificates. If officially directed to a site with expired certificates, report it to your security POC or help desk.

Tips about spear phishing

Spear phishing is a type of phishing attack that targets particular individuals, groups of people, or organizations.

To protect against spear phishing:
· Be wary of suspicious emails that use your name and/or appear to come from inside your organization or a related organization
· Forward the spear phishing email to your security POC and then delete it

Tips about whaling

Be aware that high-level personnel may be targeted through complex and targeted phishing attacks called "whaling."

Whaling:
· Is targeted at senior officials
· Uses personalized information: Name, title, official email address, sender names from personal contact lists
· Is an individualized, believable message
· Exploits relevant issues or topics

To protect against whaling:
· Be wary of emails that ask for sensitive information, contain unexpected attachments, or provide unconfirmed URLs
· Forward the whaling email to your security POC and then delete it

Next time you hear the word security, remember it also applies to the "cyberworld." For more information about cybersecurity, please call 801-777