None

Think Before Clicking: Improving Email Security

​The internet can be a dangerous place for computers, as anyone who has logged many hours online can attest. City and town employees conducting their business by email often have multiple safeguards working alongside them. The City of Anderson, for example, uses network and email scanning at both the server level and desktop level, alongside spam filters to keep unwanted or potentially harmful emails away from employee inboxes in the first place, according to Jason Nixon, systems administrator.

Still, a computer's security in many ways rests in the hands of its user, and emails provide a critical opening for scammers to attack users. In recognition of National Safer Internet Day on February 5, consider these email security tips.

Be willing to be skeptical
Unsolicited emails arriving from unknown senders can provide hackers a useful way for getting malware into your computer. Viruses can spread through personal email accounts, and unknown senders can exploit methods to make an email appear as if it is coming from a known sender. "If an email arrives in your inbox from someone you know but you weren't expecting an attachment, delete it or contact the sender by an alternate method to confirm," Nixon said.

The more tempting the link or attachment is, the more likely it's fake
Emails can give a false impression of an urgent message of a problem from a bank, credit card company or government source. Links on these can go to websites meant to look like those of the real institutions, or they can appear as links to the real thing when they aren't. When seeing a link in an email, Nixon suggests hovering over the link and allowing the address to be displayed. "If it looks suspicious or you aren't certain of its destination, don't click it," he said.

Train for the attack
Proactive training and collaboration with IT can help as well. "If we see a headline in the news such as a ransomware attack," Mike Jann, IT manager for the City of Greenville said, "we may take that article, send it out, and use it as an example of the need to remain aware and vigilant of suspicious emails. We'll also highlight areas in that specific example where warning signs were missed."

Jann said his office also encourages employees to give them notification of suspicious emails, allowing them to identify the threat level and give the user or the entire user base feedback. "As we've ramped up our training and education of users, we've seen a corresponding rise in the number of emails our employees are flagging," he said. "In terms of whether the users are correctly flagging harmful email, I'd say they're right more than 80 percent of the time, which means our efforts are paying off."

Anderson also utilizes harmless dummy phishing emails as a drill, encouraging user vigilance and identifying training needs.