Educause Security Discussion mailing list archives
Re: Email Banner
From: "Fowler, Becky Thurmond" <becky () MISSOURI EDU>
Date: Wed, 24 Jun 2020 16:48:13 +0000
We just did this last week and it's been really difficult. End users hate it because our banner takes up all of the preview space on mobile devices and in mail clients. They also quibble with our wording. And we had a number of requests to whitelist external senders that are clearly external but are in some kind of business relationship with us, so now we're in the middle of exception request hell. Our current banner is this: WARNING: This message has originated from an External Source. This may be a phishing expedition that can result in unauthorized access to our IT System. Please use proper judgment and caution when opening attachments, clicking links, or responding to this email. We're considering shortening it or going to subject line tagging. It's a work in progress. Becky Becky Fowler Interim Chief Information Security Officer Division of IT University of Missouri From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Blake Brown Sent: Wednesday, June 24, 2020 11:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Email Banner External Email: Do not click any links or open any attachments unless you trust the sender and know the content is safe. We implemented this last year along with follow up communications on the how and why of it. This small change has provided a noticeable improvement with end user security and reduced link clicking on external emails. Like others we had a small group who did not like it but the net effect was positive. ~Blake ________________________________ From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> on behalf of Boyd, Daniel <dboyd () BERRY EDU<mailto:dboyd () BERRY EDU>> Sent: Wednesday, June 24, 2020 8:15 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> Subject: Re: [SECURITY] Email Banner External Email We have implemented an external email banner, as you can see below. While it has not made huge improvements in user behavior (and some users will just never "get it") it has made a positive impact and I have (non-OIT) users who mention the fact that "that email had the big yellow banner on it" when discussing the validity of a given email. I see it as another layer, but definitely not a silver bullet and there of course have been complaints leveled at it due to the fact that users can't preview emails in the email list anymore because many emails start with the banner so they all look the same until they are opened. But net positive effect so far. Dan Daniel H. Boyd (94C) Director of Information Security Office of Information Technology Information Security Advisory Group Chair Berry College Phone: 706-236-1750 Fax: 706-238-5824 https://infosec.berry.edu<https://infosec.berry.edu/> There are two rules to follow concerning your account passwords: 1. NEVER SHARE YOUR PASSWORDS WITH ANYONE (EVEN OIT!!!!) 2. If unsure, consult rule #1 Information Security wants to know what you want to know about! If there is a topic within information security you would like to know more about please let me know using any of my contact information above. From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>> On Behalf Of Ballister, Mark Sent: Wednesday, June 24, 2020 10:53 AM To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Email Banner CAUTION: This email originated from outside of the Berry College organization. Do not click links or open attachments unless you know the content is safe. Email infosec () berry edu<mailto:infosec () berry edu> if in doubt. Good afternoon, I am looking for information on who has implemented an external email banner and who has not. For those that have, have you seen an improvement in user behavior around phishing? Thank you for your time. Thank you, Mark Mark J. Ballister, CPP | CISM | CISSP Chief Information Security Officer (CISO) University of Rochester (585) 276-6200 (Office) (585) 472-2361 (mobile) [UR.4col.v2] ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Email Banner Ballister, Mark (Jun 24)
- Re: Email Banner Bandy, John (Jun 24)
- Re: Email Banner Boyd, Daniel (Jun 24)
- Re: Email Banner Blake Brown (Jun 24)
- Re: Email Banner Mark Reboli (Jun 24)
- Re: Email Banner Fowler, Becky Thurmond (Jun 24)
- Re: Email Banner Ayala, Daniel (Jun 24)
- Re: Email Banner Blake Brown (Jun 24)
- Re: Email Banner King, Ronald A. (Jun 24)
- Re: Email Banner Jamie Schademan (Jun 24)
- Re: [EXTERNAL] Re: [SECURITY] Email Banner Hart, Michael (Jun 24)
- Re: Email Banner Todd Watson (Jun 24)