Users need constant education on email security

Print Friendly, PDF & Email

Did you happen to read our last post? Someone let one of the tech gurus out of the support cave, and he left this message for all of you.

In his role as a Support Technician, Frank has talked to a lot of people about the differences between ham and spam. You may have also spent time on this with your users, even if you didn't realize it. How many times have you had to say something like this when your users complain about spam:

  • You probably signed up for that…
  • I know you don't want that but it isn't actually spam…
  • The spam filter works fine, just stop installing free stuff that requires your email address!!

And so on?

We've talked about educating users on spam and phishing, but we rarely discuss the distinctions between unsolicited and unwanted. This distinction is important because it can empower users to protect themselves from ham.

As Frank points out in his post, users sign up for ham. Maybe they install something like a free media player and are asked for their email address. Maybe they purchased something and ended up on a mailing list. Contact capture forms are usually positioned in such a way that people submit them as part of the normal workflow of the site or application. In short, users ham themselves and usually don't know when they're doing it.

There is no “opt-in” for spam; you are just stuck with it. This is the stuff that requires non-stop vigilance. Constant updates to anti-spam databases, constant user education, constant re-evaluation of your defenses. As we've said, 30% of users will open an email even if they know it is malicious. Which means, you can't afford to let your users even see the spam, because 3 out of 10 of them will flip the switch on it.

It's clear that we need to continue to educate our users on several different fronts:

  • The danger of a phishing attack
  • The difference between spam and ham (unsolicited v unwanted)
  • The problems with opening an email suspected to be malicious
  • Common sense steps on dealing with email

Frank and I talked about this earlier today and he put it this way:

“It's not a matter of flipping a switch. You have to work at user education, constantly conditioning them until they have what they need to protect themselves and the network.”

How do you train your users on spam and unwanted email? Do you give them an orientation when they get started? Do you have on-the-job training for this? Let us know on social.

Connect with us on Facebook, LinkedIn, Twitter or Google +.

·  Barracuda Spam & Virus Firewall product page and risk-free 30-day demo
·  Barracuda Technical Library – product documentation
·  Live demo
·  Product blogs
·  Customer testimonial video

Scroll to top
Tweet
Share
Share