At this point, you’re probably thinking to yourself, “But I already know how to detect an email scam!” I agree. We have already been inundated with information on how to tell good and bad email apart.

The problem that I see is if you or someone on your team—or even a client—lets themselves get stressed out from an overflowing email box, they’ll be much more likely to fall for a scam (over 47% more susceptible!).

Think about brushing your teeth. I know we all probably go in for a routine cleaning. But if we just left our mouths unattended for even a week without brushing or flossing, we’d probably have some problems stacking up—maybe ones we didn’t even know were developing (besides some gnarly breath).

Email hygiene is kind of in the same boat as oral hygiene. It requires persistent brushing and cleaning to ensure your mouth (or inbox) remains healthy.

We all know how to generally recognize a phish, such as:

Not opening file attachments from unknown or suspicious sources, not opening file attachments unless you know what they are, and not opening files when you question another part of the email (like the subject line or messaging within the email’s body). We all, for the most part, have heightened senses for most scams.

But when we’re going day to day with growing inboxes and less time to devote to reading and responding, the likelihood of following our natural instincts may wither a bit.

Today, I want to walk through a couple of basics on keeping to a routine of cleaning up your inbox. What I’ve found is when clients (and my team) adhere to a “clean your desk (and email) before you leave” routine, they are less likely to fall for an inadvertent attack while rushing to get a hundred email requests done.

But before we even get into the habits that will keep your email cleaner than it probably is today, there are some preventative actions you can make sure are in place (either included in your cyber stack or to accompany a basic security solution for your team and clients).

Update your antivirus—I’ve mentioned this before, but over half of MSPs I’ve audited have left at least some machines on their network without antivirus or have failed to keep antivirus updated. We all know that signature-based antivirus might not be as effective at catching the latest ransomware attack, but hackers are lazy. There are many that are using viruses that have been around the block (ones that your antivirus should alert on). And if you’re using a second-gen antivirus, you rely on its most updated AI rules to protect your network. Without updates applied, you are leaving yourself and your team at risk of stoppable infections.

Back up your files regularly—if a virus were to destroy your files post-phishing attack, you at least will have peace of mind that your data is recoverable. The biggest red flag here is testing your data’s recoverability. Most MSPs I’ve worked with do not have a clear process to test to make sure their restore process is working regularly (that means when you back up data, test each time!).

Protect your computer with spam filters and a smart firewall and keep everything up to date—just like antivirus, making sure your spam filters and firewalls are implemented, tested and up to date is a critical piece of protecting your network. I see MSPs fall short on actually testing that things are working: they configure their firewall to a spec and assume that things are working. Many don’t know how to test whether their firewall is working until we scan their machines and are able to move sensitive-looking data across their network. Test your firewall regularly, because it is one of your biggest assets—if configured correctly—for preventing or minimizing a breach or attack.

Now for a few ways to keep your email under control:

Set specific times in the day to go through your email—I typically devote a period of 35 minutes at the beginning of the day to respond to flagged or priority emails and then a period at the end of the day around 5 pm to clean up and respond or clean up the rest. I do not end my day until my inbox is down to zero. Turn off wireless so you cannot deal with new messages coming in. Delegate items that can be delegated and make sure to turn around email that requires a response. For junk emails, I delete them on the spot. For messages requiring more than a 10-minute response, I flag them for the morning when I’m fresh.

Put old email into an annual folder—I group my email by years. If I haven’t been able to respond to something in a week by accident, I dump it into my 2020 folder. I assume that if someone has something important for me, they’ll follow up if I haven’t responded (don’t make this a habit, but it’s better to keep moving than be crippled by thousands of emails). Emails that are not important to me or that do not require my attention, I also put into the 2020 folder.

Put in calendar tasks to follow up—much of my email is delegated to other people more capable of answering specific questions. I make a habit of inserting a reminder to follow up on an email that I have delegated.

These are just a couple of the tricks I use to keep my inbox clean. We will cover a ton of helpful ways you and your team can maximize your cleaned inbox in this week’s SecOps call.

The bottom line is the cleaner you can get your inbox, the less likely you’ll be distracted enough to click on phishing emails.

I’ve even had success getting very trusting and susceptible clients to follow this habit. They used to have continuous problems with falling for scams and now with an email routine, have not fallen to phishing attacks (they’ve even started sending me examples of attacks that used to trip them up!).

Keeping a clean inbox is a good first step to avoiding the phish. Let’s stay safe out there!