Safe e-mail use policy

Due to the dangerous situation in Ukraine, our companies are more and more often exposed to cyber attacks.Our inboxes receive increasing amounts of suspicious messages.

It often happens that the contents and title of the message do not look suspicious, and the links are entitled, for example, CV [name and surname]. We must now be even more vigilant than ever before.

In our work we deal with network infrastructure, security and data protection on a daily basis and therefore our specialists have drafted a list of security rules to follow when receiving e-mail:

  • Ensure proper security for the end station where e-mail is browsed (antivirus protection, antimalware protection, etc.),
  • Change the e-mail inbox password regularly. The password must meet the minimum security requirements (at least 8 characters, including upper and lower case letters, numbers and special characters),
  • Do not save the password in browsers,
  • Do not use e-mail on computers that from beyond your organization,
  • Do not sign in to e-mail from potentially dangerous networks (hotel networks, public hotspots etc.),
  • Do not share your password with anyone,
  • Never store the password in a visible place – the password should be stored in encrypted format, e.g. using KeePass2 software,
  • Always sign out of your e-mail inbox after finishing work (if accessing e-mail via a web browser),
  • When logging into e-mail from outside the company, always use a VPN connection that provides additional encryption,
  • Do not open and do not respond to messages marked as spam,
  • Always verify the message sender, in case of doubts, check message headers that provide information about the mail servers involved in the process of delivering the message to your inbox,
  • Do not click links in messages received from an untrusted sender,
  • Never open attachments with a suspicious name or extension,
  • Before clicking a link included in the message body, verify whether the URL does not lead to a page other than the one visible on the screen,
  • Do not send sensitive personal data in the message body. Include such information in a separate file, which is subsequently encrypted with a strong password and added to the message in the form of attachment.,
  • Follow the limited trust principle – even messages sent from a friend may contain dangerous content,
  • Check the spelling of received message. Automatic translation engines that are often used by hackers, include spelling and stylistic mistakes, so pay attention to this,
  • Do you suspect that your computer has been infected? Report this fact to the administrator immediately and do not forget to change your e-mail password. In the case of more serious infections, changing the password is insufficient and having your e-mail inbox temporarily blocked by the administrator will be necessary,
  • Never use personal e-mail accounts to send correspondence that is related to your institution’s day-to-day business,
  • Always make sure to send e-mail to the proper recipient,
  • Do not store the contact list in a notepad file, XLS sheet etc. Store contacts in a web application (webmail) or an e-mail client,
  • Do not use mail merge to send e-mails to many recipients,
  • Do not send large attachments,
  • Never use personal devices to use e-mail, unless granted direct permission from the head of the institution.

You should also check whether your company has the appropriate security in place. If not – please contact us, we’ll be happy to help.