Email Security

Contents

Common email security threats
Best practices

Common email security threats

• Malicious attachments or links from unknown senders could contain viruses, malware, or other harmful software
• Emails sent to the wrong user
  • Can lead to sensitive information being disclosed to someone who should not have access to it
• Email spoofing/phishing
  • Emails sent by attackers that appear to be from a legitimate source

Best practices

• Employees should be knowledgeable on best practices for email security
  • Hold regularly scheduled security awareness trainings to discuss Dartmouth’s electronic communication policy, common email security threats (see above), and recommended email security best practices (see below)  
• Verify senders/recipients
  • Before sending emails, verify recipients to make sure you are sending emails to the correct individual(s)
  • When receiving an email, check for signs of a suspicious sender
    • Examples include gmail accounts or addresses where the name/domain are slightly misspelled (e.g. jon.smith@dartmuth.edu vs. john.smith@dartmouth.edu)  
• Beware of email attachments
  • Always avoid opening attachments from an unknown sender
• Don’t click email links
  • Hover your mouse over hyperlinks in emails to see the actual link.
    • The best way to avoid harmful links is to bookmark important links and/or type domains directly into your browser (rather than copying/pasting or clicking directly on the link)
• Don’t send work emails from personal accounts or personal emails from work accounts
• Only use work email on approved devices
• Encryption of sensitive emails/attachments
  • Most major email services allow for encryption of messages
  • Encrypt attachments with sensitive information even if the email they are attached to is encrypted
• Avoid public Wi-Fi
  • Only use secure, password-protected Wi-Fi networks to check email
• Log out of your email at the end of the day