Select Page

Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Email Warning Banners

by Mike Fleck

Many companies use email warning banners to alert their employees to potential phishing threats. However, the banners are often based on simplistic, generic rules and users quickly learn to ignore them. Here are two examples I noticed today:

[External Email] If this message comes from an unexpected sender or references a vague/unexpected topic; Use caution before clicking links or opening attachments.

Please send any concerns or suspicious messages to: [email protected]

 

“This email originated from a sender outside of xxxx”

 

The fact an email originated from outside the company does not mean it’s suspicious. We talk a lot about alert fatigue for security analysts. What about alert fatigue for users that are expected to apply these warning banners to spot real threats, despite the total lack of context or real-time intelligence.

A better way is to only add email warning banners when the user needs to be…warned. For example, the image below is an example warning banner generated by Cyren Inbox Security. The banner is only present when an email contains suspicious indicators, and the exact reasons for suspicion are clearly communicated to the user.

Email warning banner

This approach is proven to reduce false positives and increase user engagement. Overall this helps the organization find and contain evasive threats that can’t be automatically classified as clean or malicious. If your email security solutions only provide static warning banners that don’t adapt to inform the users about contextual threats, check out Cyren Inbox Security.

You may also want to download this white paper about turning your user training into user engagement.

You might also like

What is Microsoft Office 365 Advanced Threat Protection?

Office 365 Advanced Threat Protection (also known as ATP and Defender) can provide your organization with advanced security features - keeping you protected from cybersecurity threats. With today's cybersecurity landscape, where new threats appear daily, if not...

The Hidden Costs of Phishing & BEC

By Max Avory A couple of months ago we sat down with Damian Stalls, vCIO director at Fluid Networks to discuss how they dramatically reduced the time their security analysts spent managing the problem of phishing, BEC, and user education. Here were some of the...