Re: Flagging external emails and exceptions

[Jamie Schademan <Jamie.Schademan () CWU EDU>]

Hello Beth,

We also added the banner you see below, which starts with Caution:  We have found that with it and accompanying 
education about it, we have seen a large increase in folks recognizing a phish (especially impersonations), and 
self-reporting them which helps to block them eventually for others.

Jamie

Jamie Schademan - CISM, MSIT, MSCS
Chief Information Security Officer
Information Security Services
Central Washington University
Jamie.Schademan () cwu edu<mailto:Jamie.Schademan () cwu edu>

Do your part... #BeCyberSmart

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Childs, Aaron
Sent: Thursday, October 1, 2020 6:50 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Flagging external emails and exceptions

Caution: This email originated from outside the university.
Do not click on links, open attachments, or reply unless you recognize the sender and know the content is safe. If you 
consider this email as phishing or spam please use the Report Message 
Button<https://cwu.teamdynamix.com/TDClient/2015/Portal/KB/ArticleDet?ID=78311> in Outlook to inform both the CWU 
Service Desk and Microsoft.



Good Morning Beth,

We prepend a banner at the top of the body of external emails. You can see what we add below.  It was received with mix 
reviews, but has been effective for us.

Have a good day,
Aaron

[cid:image002.jpg@01D697CD.533461C0]  Aaron Childs   Director
[cid:image005.jpg@01D697CD.532371D0]
Infrastructure Services
Information Technology Services
Wilson Hall - 577 Western Ave. Westfield MA 01086
P  413.572.5527   F 413.572.5615
aaron () westfield ma edu<mailto:aaron () westfield ma edu>


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Beth Albertson
Sent: Wednesday, September 30, 2020 8:01 PM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Flagging external emails and exceptions


Caution External Email: This email originated outside of WSU. Do not click links, open attachments, or respond if it 
appears to be suspicious.
Colleagues,

We are thinking of flagging emails coming in external from our O365 tenant with either a red header at the top of each 
email or adding something like <EXTERNAL> to the subject line.  I wanted to ask other schools that are doing this 
whether they are adding exceptions for external organizations that are trusted.  For example, we use Jira, and I 
thought we could add this to an exception list.  Some have argued that maintaining such a list could be cumbersome and 
could potentially confuse users because some external emails would be flagged and others would not.  Does anyone have 
experience or thoughts on this matter?

Sincerely,

Beth Albertson, CISSP(r), PMP(r)
Director of Information Security
Western Washington University
beth.albertson () wwu edu<mailto:beth.albertson () wwu edu>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community