Important Tool in Your Box: Spam Filter

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

I have been hanging out a lot with Chief Information Officers (CIO) and Chief Information Security Officers (CISO) these days at speaking engagements and conferences, as October – National Cybersecurity month – is always busy. The topic that keeps coming up in these conversations is phishing and how most ransomware attacks are started because an employee hits a malicious link or attachment. Although we continue to discuss how important employee engagement and education is to avoid these campaigns, another tool to use for cyber-hygiene for your company is a robust spam filter.

A spam filter is crucial to block malicious emails from ever getting to your users. Although not perfect, it reduces the ability of malicious emails to ever find their way to your users’ in boxes and the chance that it will be clicked on by an employee who may not have the ability to recognize it as malicious, or an employee working a bit too fast.

There is a constant balance between putting strong data security measures in place and your users being able to get their jobs done quickly and efficiently. I have heard from many CISOs that their company will not turn the spam filter on at the strongest level, which would keep out as many malicious emails as possible, because users will then have to go into their spam filter to release some of the messages, and users get up in arms when having to take that extra step.

We have to get to the point where users are as invested in cybersecurity hygiene as we are. We have to change the discussion so that users feel engaged in helping to secure the company’s data and WANT to take the extra step to protect the data and the company as vigilant data stewards and militia.

Employees really don’t want to be the one who clicks on the link that puts the company into a devastating tail spin. We just haven’t done enough to explain the risks and consequences of their digital actions and why they are one of the most important pieces in the data protection program. Once we adequately explain their role in data protection, as data stewards and the data militia for the company, they will complain less about the extra steps that have been put in place to protect the company. They will want to help. They will want to do the right thing. It is really no different than requiring employees to swipe a badge to get onto the elevator or into the office every day. We all know why it is important and we are willing to do it to protect ourselves and our company. It becomes a natural thing. The same should be true for protecting data.

Change the conversation with your employees and users so they are engaged in data protection and it becomes a natural and easy thing to do.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide