
Measures required for organizations regarding email
Set email policy
Organizations should have a clear email policy that sets guidelines for sending and receiving emails. This policy should cover obtaining consent before sending commercial emails, identifying the email sender, reporting spam emails, and email usage rules that include using strong usernames and passwords. Additionally, the policy should ban sending spam messages and prohibit disclosing secret information.
User management
Rights management and access control for email are important. Setting data access rights, managing user accounts, and controlling who is authorized to send emails will help prevent incorrect use.
Use email filtering technology
Email filtering technology can help filter spam emails and malicious emails before they reach users' inboxes, reducing the risks associated with email attacks.
Regular inspection and evaluation
You should check your email regularly to find signs of cyber attacks, identity theft, and information leakage. This includes evaluating email use regularly to find weaknesses and opportunities for improvement.
Training
The knowledge and intentions of personnel are important factors in preventing problems via email. Training staff to respond cautiously to potentially dangerous emails, to deal with spam, and to protect against email attacks will foster higher awareness.

Email security training
Training employees about email security is extremely important for every organization because email is the main communication channel used in the organization. Employees must be aware of cyber threats that may occur via email and learn how to protect themselves from those threats.
Training should cover the following topics.
- Potential cyber threats via email, such as phishing, malware, and ransomware.
- How to spot malicious emails, such as those with suspicious links or attachments, or those written in inappropriate language or with incorrect grammar.
- How to avoid becoming a victim of cyber threats, such as not opening unknown links or email attachments and not responding to emails requesting personal information.
Training can take place in a variety of formats, such as lectures, demonstrations, games, or online training.
Examples of training content
Potential cyber threats via email
- Phishing is the practice of tricking email recipients into revealing personal information such as passwords and credit card numbers.
- Malware is a malicious computer program, such as a virus, Trojan, or worm, that can damage a computer or steal information.
- Ransomware is a malicious program that encrypts files on the email recipient's computer and demands a ransom in exchange for restoring the files.
How to identify malicious emails
- Emails that contain suspicious links or attachments, such as links with strange names or attachments with suspicious file extensions. Extensions such as .EXE, .SCR, .PDF, .VBS, .RTF, .DOC, and .XLS may be related to sending malware. Additionally, file extensions such as .PDF, .DOC, .XLS, .RTF, .JPEG, and .ZIP may be related to phishing. Many of these file extensions are commonly used in general work, so it is important to exercise caution when opening or running them. It is advisable to refrain from opening files sent from unknown senders or when the nature of the email content is strange or unusual.
- Emails written in inappropriate language, with incorrect spelling or grammar. Sometimes the text is in Thai but reads like a translation, using strange words or expressions that are not commonly seen.
- Emails that ask you to reveal personal information, such as passwords and credit card numbers.
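The extension lists above can also back an automated check in the mail filter. The following is an added example, not code from the original article: it parses a raw message with Python's standard `email` package and gives each attachment a verdict based on the article's two extension groups. The `RUNS_DIRECTLY` set, the verdict names, and the double-extension check are assumptions added for illustration, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension groups as listed in the article (lower-cased).
MALWARE_EXTS = {".exe", ".scr", ".pdf", ".vbs", ".rtf", ".doc", ".xls"}
PHISHING_EXTS = {".pdf", ".doc", ".xls", ".rtf", ".jpeg", ".zip"}
# Assumption, not from the article: these run code directly when opened,
# so the filter blocks them instead of only warning.
RUNS_DIRECTLY = {".exe", ".scr", ".vbs"}


def extensions(filename: str) -> list[str]:
    """Return every dot-suffix, ignoring case and trailing dots/spaces."""
    parts = filename.lower().rstrip(". ").split(".")
    return ["." + p for p in parts[1:] if p]


def triage_attachments(raw: bytes) -> dict[str, str]:
    """Map each attachment filename in a raw message to a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    verdicts = {}
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # body or container part, not an attachment
        exts = extensions(name)
        last = exts[-1] if exts else ""
        if last in RUNS_DIRECTLY:
            # Assumed extra check: a document-looking name ending in an executable suffix
            disguised = any(e in PHISHING_EXTS for e in exts[:-1])
            verdicts[name] = "block-disguised" if disguised else "block"
        elif last in MALWARE_EXTS | PHISHING_EXTS:
            verdicts[name] = "caution"  # common work format: warn, do not block
        else:
            verdicts[name] = "unlisted"
    return verdicts


def build_sample() -> bytes:
    """Constructed test message; sender, file names and contents are made up."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["Subject"] = "Overdue invoice"
    msg.set_content("Please see the attached invoice.")
    for fname in ("invoice.pdf.exe", "Report.XLS", "notes.txt", "setup.scr."):
        msg.add_attachment(b"constructed", maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

A file name alone does not prove a file is safe or malicious, so a "caution" verdict is a prompt for the care described above, not a replacement for content scanning.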
How to avoid becoming a victim of cyber threats
- Do not open links or attachments from unknown emails.
- Do not respond to emails requesting personal information.
- Keep your antivirus and cybersecurity software updated.
- Be careful when clicking on links or opening attachments from people you are not familiar with.
Training employees about email security is a worthwhile investment for any organization. Training helps employees protect their organization's data from cyber threats.
Using email in the organization poses a security risk that must be managed effectively. Implementing appropriate measures, both technical and policy-based, will help the system work efficiently and safely, allowing the organization to progress and remain stable in this digital age.