(#10) Security Policies Tip: Executable e-mail attachments -- Educate the end user
This tip, submitted by searchSecurity member Rick Pierides, received a rating of 4.5. Do you have a tip on educating users? Submit it to searchSecurity.
I work with a lot of clients who cannot
afford the luxury of expensive filtering software for their e-mail. So when I make my visits I often take a little bit of extra, gratis time to educate end users on types of executables, how Windows parses the extensions from attachment filenames and how the bad guys attempt to hide the real extension. I like to hand out small post up-sized stickers with a listing of the more common executable extensions as a reminder. Along with current virus signatures and disabling Windows Scripting Host, this has gone a long way toward a much safer and more aware environment for my clients and their employees.
Read the rest of this tip.
For more information on this topic, visit these other searchSecurity resources:
Chat Transcript: E-mail security
Executive Security Briefing: E-mail security: Defending the server
Best Web Links: Security messaging