Your users endure year after year of Security Awareness Training which repeatedly says, "Don't click on links / attachments", or "[insert your org's preferred response to UCE here], then delete". And year after year, campaign after campaign, people still click on links and open attachments.
A question I recently read on LI said it's hard to counter this behavior because HR (or legal, or finance, or whomever!) constantly sends messages which subvert the SAT. Which is to say that users should not really be held at fault when using such mediums exactly as they're intended to work.
It's unfortunate for users who are repeatedly told to NOT CLICK, and then receive official communication which FORCES CLICKING. So I'd like to hear ideas on changing behaviors so that both SENDERS and RECIPIENTS adhere to something safer.
What does your enterprise do (in terms of policy, controls, communication) to shift behaviors?
This is the LI post, for those who'd like to read and respond:
Honestly, I can't complain about our SATE program because it has lowered the click rate to almost zero on our monthly phishing campaigns. We have a mandatory annual video training and weekly security reminders emailed out to keep it top of mind. Telling them not to click doesn't work but telling them to stop, think, then click is an effective strategy for success here. Can't wait to hear what others have to say!
@gidyn I mean...it has a power button as well. We could always go that route and see what happens. 😉
In all seriousness though, I've seen some replace the actual link with a safe link. I believe it was an O365 security setting that did it.
@tmekelburg1 when you say "safe link" do you mean that every link is automatically sandboxed and tested, or all links are forcibly made neutral, and may only be sent through explicit permissions?
https://www.proofpoint.com/us/products/email-security-and-protection/email-protection has functionality to screen all links in emails.
I can't say exactly what it does since it's not my system, but here's an example screenshot. It keeps the original text of the link, but when you hover over it, it shows this:
It redirects to the original link after clicking on it.
Edit: Looks like Defender for O365 after looking into it more. Proofpoint probably does something very similar as @gidyn suggested.
@ericgeater wrote:
..."safe link" do you mean that every link is automatically sandboxed and tested, ....
Kinda this. We have one of these at my employer. Links in our emails are replaced with unique links to the safe link website. When somebody clicks on a link, the safe link site scans the real page and "proxies" its content to the user, much like any web-browser URL filtering product would do.
The purported good:
The bad:
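To make the mechanism described in the two posts above concrete (links in the body rewritten to a unique "safe link" URL, which is checked and resolved back to the real destination when clicked), here is an added illustration in Python. It is not code from this thread nor from Defender for Office 365 or Proofpoint; the hostname, signing key and blocklist are constructed placeholders. One design point it shows that the posts only imply: the click endpoint must verify that a wrapped URL really came from the rewriter (here with an HMAC), otherwise the safe-link host becomes an open redirector that attackers can use to lend their own links a trusted-looking domain.

```python
import hmac
import hashlib
import re
from typing import Optional, Tuple
from urllib.parse import urlparse, parse_qs, urlencode

# Constructed placeholders (assumptions, not real product values).
SAFE_LINKS_HOST = "https://safelinks.example.invalid/click"
SIGNING_KEY = b"constructed-demo-key"          # a managed secret in practice
BLOCKLIST = {"bad.example.invalid"}            # stand-in for a reputation/sandbox verdict

# Matches http(s) URLs in plain text or inside href="..." attributes.
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def _sign(original: str) -> str:
    """HMAC over the original URL so the click endpoint can reject tampered links."""
    return hmac.new(SIGNING_KEY, original.encode(), hashlib.sha256).hexdigest()


def wrap_url(original: str) -> str:
    """Rewrite one URL into a unique safe-link URL carrying the original plus a signature."""
    return f"{SAFE_LINKS_HOST}?{urlencode({'url': original, 'sig': _sign(original)})}"


def rewrite_body(body: str) -> str:
    """Rewrite every URL in an email body (what the mail gateway does at delivery time)."""
    return URL_RE.sub(lambda m: wrap_url(m.group(0)), body)


def unwrap_url(wrapped: str) -> Optional[str]:
    """Recover the original URL, or None if the link is not ours or its signature is bad."""
    if not wrapped.startswith(SAFE_LINKS_HOST + "?"):
        return None
    qs = parse_qs(urlparse(wrapped).query)
    url = qs.get("url", [None])[0]
    sig = qs.get("sig", [None])[0]
    if url is None or sig is None:
        return None
    # constant-time compare; a forged or edited link fails here
    if not hmac.compare_digest(sig, _sign(url)):
        return None
    return url


def click(wrapped: str) -> Tuple[str, Optional[str]]:
    """What the safe-link site decides at click time: reject, block, or allow (then redirect)."""
    original = unwrap_url(wrapped)
    if original is None:
        return ("reject", None)          # not issued by us: do not redirect anywhere
    host = urlparse(original).hostname or ""
    if host in BLOCKLIST:
        return ("block", original)       # show a warning page instead of redirecting
    return ("allow", original)           # scan passed: redirect (or proxy) to the real page


if __name__ == "__main__":
    # Constructed sample message body.
    body = "Please review https://hr.example.invalid/benefits today"
    rewritten = rewrite_body(body)
    print(rewritten)
    for link in URL_RE.findall(rewritten):
        print(click(link))
```

The blocklist set stands in for whatever verdict a real product derives from scanning the destination at click time; the point the thread makes about hover text (the user sees the safe-link URL, not the destination) follows directly from `rewrite_body` replacing the link in place.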
Looks like @gidyn and @tmekelburg1 have shown some useful controls. Excellent, and thank you. Those are useful because they can thwart the behavior of an unwitting user. And I saw that training is definitely key. Totally agree there.