by Mike Fleck
Many companies use email warning banners to alert their employees to potential phishing threats. However, the banners are often based on simplistic, generic rules and users quickly learn to ignore them. Here are two examples I noticed today:
[External Email] If this message comes from an unexpected sender or references a vague/unexpected topic; Use caution before clicking links or opening attachments.
Please send any concerns or suspicious messages to: [email protected]
“This email originated from a sender outside of xxxx”
The fact that an email originated from outside the company does not mean it is suspicious; much legitimate business mail does. We talk a lot about alert fatigue for security analysts. What about alert fatigue for users, who are expected to apply these warning banners to spot real threats despite the total lack of context or real-time intelligence?
A better way is to add an email warning banner only when the user actually needs to be…warned. The image below is an example banner generated by Cyren Inbox Security: it appears only when an email contains suspicious indicators, and the exact reasons for suspicion are spelled out for the user, so the banner itself tells them what to check.
This approach reduces false positives and increases user engagement, because every banner carries a concrete reason rather than a generic caution. Overall, this helps the organization find and contain evasive threats that cannot be automatically classified as clean or malicious. If your email security solution only provides static warning banners that do not adapt to inform users about contextual threats, check out Cyren Inbox Security.
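To make the contrast concrete, here is an added example of the difference between a static "external sender" rule and a banner driven by specific indicators. It is my own illustration, not Cyren's code and not a description of how Cyren Inbox Security works. It assumes the organization's domain is example.com and that a store of previously seen sender domains is available (here a hard-coded set); every domain, address and message in it is constructed.

```python
"""Contextual warning banner: emit a banner only when a message carries
specific suspicious indicators, and say which ones.  Added example, not
Cyren's code; all domains, addresses and messages are constructed."""
from __future__ import annotations

import re
from email import message_from_string
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"                  # assumed: the organization's domain
KNOWN_SENDER_DOMAINS = {"partner.example.net"}   # assumed: fed from a sender-history store


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _is_internal(dom: str) -> bool:
    return dom == INTERNAL_DOMAIN or dom.endswith("." + INTERNAL_DOMAIN)


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used for the lookalike-domain check."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _is_lookalike(dom: str) -> bool:
    """True for homoglyph/typo variants of the internal domain (examp1e.com,
    exarnple.com, ...).  Short domains need a stricter threshold than distance 1."""
    if not dom or _is_internal(dom):
        return False
    normalized = dom.replace("0", "o").replace("1", "l").replace("rn", "m")
    return normalized == INTERNAL_DOMAIN or _edit_distance(dom, INTERNAL_DOMAIN) == 1


def suspicious_indicators(raw: str) -> list[str]:
    """Return the human-readable reasons a banner should be shown; empty if none."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    reasons: list[str] = []

    # 1. The receiving MX recorded an SPF/DKIM/DMARC failure for this message.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    failed = sorted({m.lower() for m in re.findall(r"\b(spf|dkim|dmarc)=fail\b", auth, re.I)})
    if failed:
        reasons.append(f"sender authentication failed ({', '.join(failed)})")

    # 2. The display name carries an address at a different domain than the real sender.
    name_addr = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if name_addr and name_addr.group(1).lower() != from_dom:
        reasons.append(f"display name shows {name_addr.group(0)} but the message is from {from_addr}")

    # 3. Replies would go to a different domain than the one that sent the mail.
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        reasons.append(f"replies go to {reply_dom}, not to the sender's domain {from_dom}")

    # 4. External-only checks.  Being external is deliberately NOT a reason by itself.
    if not _is_internal(from_dom):
        if _is_lookalike(from_dom):
            reasons.append(f"sender domain {from_dom} looks like {INTERNAL_DOMAIN}")
        elif from_dom not in KNOWN_SENDER_DOMAINS:
            reasons.append(f"first message ever received from {from_dom}")
    return reasons


def banner(raw: str) -> str | None:
    """Banner text to inject above the body, or None when no indicator fired."""
    reasons = suspicious_indicators(raw)
    if not reasons:
        return None
    return "WARNING: this message has suspicious indicators:\n" + "\n".join(f"- {r}" for r in reasons)


# Constructed sample messages (headers only; bodies are not needed for these checks).
PARTNER_MAIL = """From: Alice <alice@partner.example.net>
To: bob@example.com
Subject: Q3 invoice
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=partner.example.net; dkim=pass; dmarc=pass header.from=partner.example.net
"""

LOOKALIKE_MAIL = """From: "ceo@example.com" <accounts@examp1e.com>
Reply-To: payments@mailbox.invalid
To: bob@example.com
Subject: Urgent wire transfer
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=examp1e.com; dmarc=none header.from=examp1e.com
"""

SPOOFED_INTERNAL_MAIL = """From: IT Helpdesk <it@example.com>
To: bob@example.com
Subject: Password expiring today
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=example.com; dkim=none; dmarc=fail header.from=example.com
"""

if __name__ == "__main__":
    for label, raw in [("partner", PARTNER_MAIL), ("lookalike", LOOKALIKE_MAIL), ("spoofed", SPOOFED_INTERNAL_MAIL)]:
        print(f"== {label} ==\n{banner(raw) or '(no banner: external sender, nothing suspicious)'}\n")
```

The partner message is external yet gets no banner at all, which is the point of the post; the lookalike message gets three stated reasons, and the spoofed internal message is flagged on the authentication failure even though its From address is inside the company. In production the first-contact and lookalike checks would be fed from mail-flow history and a reputation source, and the thresholds tuned to the organization's own domain names.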
You may also want to download this white paper about turning your user training into user engagement.