Email DO'S & DON'TS

We see hackers get more creative every single day, which is why it is so important to stay aware. Just one click on a malicious link can put an entire organisation in danger. These email do’s & don’ts are a quick guide to what everyone should look out for and a reminder of how important it is to keep your cyber security policies up to date. If you have more questions regarding awareness training, we answer them right here.

This list is here for you to share with your entire organisation – we can all use a reminder once in a while!



The DO'S

  1. Do always check URLs before you click on them
    • Make sure each one looks correct: a spelling mistake is a clear red flag
  2. Do be careful with passwords and credentials
    • Never send your passwords via email
  3. Do keep private material confidential
  4. Do use hard-to-guess passwords or passphrases
    • A password should have a minimum of 10 characters using uppercase letters, lowercase letters, numbers and special characters.
    • To make it easy for you to remember but hard for an attacker to guess, create an acronym. For example, pick a phrase that is meaningful to you, such as “My son’s birthday is 12 December, 2004.” Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
  5. Do use different passwords for different accounts
    • If one password gets hacked, your other accounts are not compromised
  6. Do keep your passwords or passphrases confidential
    • Your passwords are yours – and yours only
  7. Do always pay attention to phishing traps in email and watch for any telltale signs of a scam
  8. Do lock your computer and mobile phone when not in use
    • This protects data from unauthorised access and use
  9. Do remember that wireless is inherently insecure
    • Avoid using public Wi-Fi hotspots. When you must, use agency-provided virtual private network software to protect the data and the device
  10. Do destroy information properly when it is no longer needed
    • Place paper in designated confidential destruction bins throughout the office or use a crosscut shredder. For all electronic storage media, consult with IT


The DON'TS

  1. Don’t trust emails
    • Even if they’re from inside the organisation, double-check before clicking
  2. Don’t share your credentials with others or write them down
    • You are responsible for all activities associated with your credentials
  3. Don’t leave printouts or portable media containing private information on your desk
    • Lock them in a drawer to reduce the risk of unauthorised disclosure
  4. Don’t send any private or sensitive information through email unless authorised to do so
  5. Don’t open mail or attachments from an untrusted source.
    • If you receive a suspicious email, the best thing to do is to delete the message, and report it to your IT department
  6. Don’t click on links from an unknown or untrusted source.
    • Cyber attackers often use them to trick you into visiting malicious sites and downloading malware that can be used to steal data and damage networks
  7. Don’t be tricked into giving away confidential information.
    • It’s easy for an unauthorised person to call and pretend to be an employee or business partner
  8. Don’t respond to phone calls or emails requesting confidential data 
  9. Don’t plug in portable devices without permission from your IT department
    • These devices may be compromised with code just waiting to launch as soon as you plug them into a computer
  10. Don’t leave devices unattended
    • Keep all mobile devices, such as laptops and cell phones, physically secured. If a device is lost or stolen, report it immediately to your manager
