proposal to combat malicious emails
in the 3 decades i've been using email – it's only in the latter half of that time that there's been a swelling concern over attacks using email
naturally – i got warnings about email hacking – and took training to detect suspicious emails – which always includes being told to avoid malicious links or attachments – by putting each one through a battery of tests and inquisitions
despite my experience – and training in cybersecurity – i still found myself a victim of email hacking – i've even had to go through demeaning mini-lessons in cybersecurity mandated by the company
eventually i noticed something ironic
isn't it ironic that legitimate emails from others in the company carry links and attachments – which you are SUPPOSED to click on or open – they arrive so often that those actions become habitual – in other words – the company is TRAINING you to do the wrong thing – it does so well enough that clicking becomes a reflex – and with attackers producing ever more convincing emails – it's hard not to click first and investigate later
a solution that is rarely discussed – the company should prohibit links and attachments in internal email – instead links and files should be placed in an access-controlled folder on the company network – and emails should point to that folder – with instructions on what to do there
Examples:
"Look for filename Portfolio1234.doc in the company folder."
"In the links list in the company folder, click on link 5678."
this is more secure because company networks usually require you to authenticate before you can reach the folder – so anything placed there was put there by someone holding a company account – which is more than can be said for a link or attachment arriving in an email – that authentication step is where the protection comes from – an attacker who has already taken over an internal account could still plant a file – so the folder needs proper access controls – and an instruction in an email to open a particular file still deserves a second look
no more links in company emails – no more attachments in company emails – as a result – employees will reflexively avoid links and attachments in any email – and almost never activate them
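A policy like this only holds if it is enforced where internal mail is relayed, not left to each sender. The following is an added example, not code from the original post: a check a mail gateway could run on outbound internal messages, using only the Python standard library. It parses the raw message, flags any part that is an attachment (or any non-text part) and any URL in a text body, including `href` targets in HTML, and returns the list of violations. The two sample messages, the addresses and the filename are constructed here for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Matches bare URLs in text bodies (http, https, or a leading "www.").
URL_RE = re.compile(r"\b(?:https?://|www\.)\S+", re.IGNORECASE)
HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)', re.IGNORECASE)


def check_internal_mail(raw: str) -> list[str]:
    """Return the policy violations found in a raw RFC 5322 message.

    An empty list means the message complies with the
    no-links / no-attachments rule for internal email.
    """
    msg = message_from_string(raw, policy=policy.default)
    violations: list[str] = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        disposition = part.get_content_disposition()  # 'attachment', 'inline' or None
        ctype = part.get_content_type()
        # Anything explicitly attached, anything with a filename, and anything
        # that is not a text body counts as an attachment under this policy.
        if disposition == "attachment" or part.get_filename() or not ctype.startswith("text/"):
            violations.append(f"attachment: {part.get_filename() or ctype}")
            continue
        body = part.get_content()
        if ctype == "text/html":
            # The visible text of an HTML mail may hide the real target in href=.
            for href in HREF_RE.findall(body):
                violations.append(f"link: {href}")
        for url in URL_RE.findall(body):
            violations.append(f"link: {url}")
    return violations


def build_sample(with_violations: bool) -> str:
    """Constructed sample message (hypothetical addresses and file)."""
    msg = EmailMessage()
    msg["From"] = "alice@example.com"
    msg["To"] = "bob@example.com"
    msg["Subject"] = "Q3 portfolio"
    if with_violations:
        msg.set_content("Review at https://example.com/q3 and see the attached file.")
        msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                           subtype="pdf", filename="Portfolio1234.pdf")
    else:
        # The compliant form: point at the shared folder, no link, no attachment.
        msg.set_content("Look for filename Portfolio1234.doc in the company folder.")
    return msg.as_string()


if __name__ == "__main__":
    for flag in (False, True):
        print("violations:", check_internal_mail(build_sample(flag)))
```

Running it reports no violations for the compliant message and two for the other: the URL in the body and the PDF attachment. A gateway would reject or quarantine the second and tell the sender to place the file and link in the shared folder instead.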
—
online services – such as banks – medical services – retailers – etc – should adopt similar schemes – they use links in emails because it's easier for the customer to get to a target page – customers come to rely on them – and attackers know how to take advantage of this – they substitute links to their own credential-harvesting website – built as a close copy of the company's site – often on a look-alike domain – so that it fools all but the most vigilant
to avoid this – customers should navigate to the company website themselves – this is the step the company is trying to spare them – but it's the step that prevents being misdirected to the attacker's site – customers should keep the URL as a browser bookmark – or type it in every time – rather than following the link in the email
on the landing page – companies could add an input field – into which the customer pastes a short code from the email – which then takes them to the target page – since that happens after the customer has chosen the URL and logged in – it should be safer than a direct email link – for the scheme to hold up the code must not become a credential in its own right – it should only select a page within the site for an account that is already logged in – expire after a short time – be usable once – and never resolve to an address outside the company's own site
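The server side of that scheme, as an added example that is not part of the original post and assumes a design the post only sketches: the company issues a random one-time code bound to one customer account and to an allow-listed path on its own site, and the landing page redeems the code only after login, returning a relative path rather than following anything the code itself might name. The account identifiers, paths, and the 24-hour lifetime are illustrative assumptions; the injectable clock exists so the expiry rule can be exercised offline.

```python
import hmac
import secrets
import time
from dataclasses import dataclass


@dataclass
class Ticket:
    user_id: str      # the one account allowed to redeem this code
    path: str         # relative path inside our own site, never a full URL
    expires_at: float


class DeepLinkCodes:
    """One-time codes that replace links in customer email (assumed design).

    A code is random, tied to one account, expires, maps only to an
    allow-listed in-site path, and is burned on first successful use.
    """

    # Hypothetical sections of the site a code may point into.
    ALLOWED_PREFIXES = ("/statements/", "/messages/", "/orders/")

    def __init__(self, ttl_seconds: float = 24 * 3600, clock=time.time):
        self._codes: dict[str, Ticket] = {}
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be tested deterministically

    def issue(self, user_id: str, path: str) -> str:
        """Mint a code for `user_id` that resolves to `path` after login."""
        # Refuse anything that is not a plain in-site path: no absolute URLs,
        # no protocol-relative "//host" tricks, no traversal.
        if (not path.startswith(self.ALLOWED_PREFIXES)
                or "//" in path or ".." in path or ":" in path):
            raise ValueError("path not allow-listed")
        code = secrets.token_urlsafe(12)  # 96 random bits: not guessable
        self._codes[code] = Ticket(user_id, path, self._clock() + self._ttl)
        return code

    def redeem(self, code: str, logged_in_user: str):
        """Return the in-site path for `code`, or None if it is not valid.

        Must be called only after the customer has authenticated; the code
        selects a page, it does not grant access to the account.
        """
        ticket = self._codes.get(code)
        if ticket is None:
            return None
        if self._clock() > ticket.expires_at:
            del self._codes[code]  # expired: drop it
            return None
        # A forwarded or leaked code is useless to anyone but the intended account.
        if not hmac.compare_digest(ticket.user_id.encode(), logged_in_user.encode()):
            return None
        del self._codes[code]  # one-time use
        return ticket.path


if __name__ == "__main__":
    store = DeepLinkCodes()
    code = store.issue("cust-42", "/statements/2024-09")
    print("email would say: paste code", code, "on the landing page after logging in")
    print("redeemed by wrong account:", store.redeem(code, "someone-else"))
    print("redeemed by cust-42:", store.redeem(code, "cust-42"))
    print("redeemed again:", store.redeem(code, "cust-42"))
```

The redeem step deliberately returns a path for the application to navigate to internally, so even a compromised mail template cannot turn the landing page into an open redirect; the worst a stolen code can do is point its rightful owner at a page on the company's own site.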