Protect Thyself: Practical Guidance for Navigating Email Threats

10/01/2025 3:46 PM | Anonymous member (Administrator)

By Jesse Flageolle, Westwind Management Group

Ready, Set, Convenience!

Email? Is that a fancy name for a special class of mail you can send at the post office? Okay, so this isn’t the early 2000s anymore, and everyone likely has an email account, or three. Most of us regularly use Amazon, Google, and a plethora of apps that fill our lives with convenience. The cost of all these “free” services? Simply enter one of those email accounts and voila, convenience is yours.

No big deal, I love convenience too, but we all need to be aware that most companies sell our email addresses to third parties. In and of itself, this is not necessarily an issue, and we all signed off on it by reading the entire terms of service… right? The problem arises when those email addresses become available to nefarious entities, i.e., hackers, scammers, etc.

The increase of phishing emails, sophisticated scams, and fraudulent communications targeting organizations means we all will eventually come face to face with an email that can cause us harm. The consequences of falling for an email scam can range from financial loss to reputational damage, regulatory fines, and operational disruption. It is more important than ever for managers and boards to adopt pragmatic, actionable strategies to protect inboxes and organizations.

Phishing, Spamming, and Spoofing - Oh My!

Aside from limiting the use of company or board email addresses to business or community-related activities only, the following tips will help you identify potential email scams.

  • Unexpected Requests: Be wary of emails that urge immediate action or ask for sensitive information, especially if such requests are out of the ordinary or bypass usual protocols.
  • Errors and Inconsistencies: Poor grammar, misspellings, odd language, or formatting irregularities are common in phishing emails, even those that appear professional.
  • Unusual Sender Addresses: Always examine the sender’s actual email address, not just the display name. Domains with subtle misspellings or extra characters are a frequent red flag.
  • Suspicious Links or Attachments: Hover over hyperlinks to preview the URL. If it looks unfamiliar or doesn’t match the supposed sender, don’t click. Unexpected attachments should always be treated with caution.
  • Generic Greetings and Lack of Personalization: Messages that address you as “Dear User” or “Customer” rather than by name may be mass phishing attempts.
  • Pressure Tactics: Be skeptical of emails warning of dire consequences (account closure, missed payments, etc.) if you don’t respond immediately.
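
The sender-address and link checks from the tips above can also be automated. The sketch below is an added example, not part of the original article; the `TRUSTED` allow-list, the domains in it, and the 0.85 similarity threshold are constructed assumptions.

```python
import difflib
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = {"example-hoa.org", "examplebank.com"}  # constructed allow-list (assumption)

def sender_flags(from_header, trusted=TRUSTED):
    """Check the real address in a From: header, not the display name."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if domain in trusted:
        return []
    flags = []
    for good in sorted(trusted):
        # Nearly identical but not equal: misspelling or extra character.
        if difflib.SequenceMatcher(None, domain, good).ratio() >= 0.85:
            flags.append(f"{domain} is a lookalike of {good}")
        # Display name borrows a trusted domain the real address lacks.
        if good in display.lower():
            flags.append(f"display name cites {good}, sender is {domain}")
    return flags

class _Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self._href is not None:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def link_flags(html_body):
    """What hovering reveals: visible text names one host, the link another."""
    parser = _Links()
    parser.feed(html_body)
    flags = []
    for href, text in parser.links:
        target = (urlparse(href).hostname or "").lower().removeprefix("www.")
        shown = re.search(r"[a-z0-9-]+(?:\.[a-z0-9-]+)+", text.lower())
        if shown and shown.group().removeprefix("www.") != target:
            flags.append(f"text shows {shown.group()}, link goes to {target}")
    return flags
```

For the constructed header `Example Bank <billing@examp1ebank.com>`, `sender_flags` returns one lookalike flag; an empty list means neither check fired, not that the message is safe.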

Danger, Will Robinson!

If you suspect an email is malicious:

  • Do Not Interact: Do not click on links, download attachments, or reply to the message. Even opening a malicious attachment can compromise your device.
  • Report the Email: Use your organization or email provider’s reporting tools. Many email platforms offer a “Report phishing” option while most companies have a professional with whom they can consult.
  • Alert Relevant Parties: Notify colleagues or other board members as they may also receive similar emails.

Oops, I Clicked It Again!

Mistakes happen! Even well-trained individuals can fall for sophisticated attacks. If you click a link or download a file from a problematic email:

  • Immediately Disconnect: If possible, disconnect the device from the network to prevent further spread of malware or data exfiltration.
  • Reset Passwords: Using another computer, change the passwords for all affected accounts, prioritizing those used for email, company logins, and any financial systems.
  • Notify IT: Seek professional help! If you have an IT department or MSP (Managed Service Provider), engage them immediately.
  • Monitor for Unusual Activity: Be watchful for unexpected account logins, password resets, or unfamiliar financial transactions.

Preventative Steps and Helpful Tools

Email attacks are ever-evolving threats that require proactive preventative measures. Use the tools and tactics below to ensure you remain as secure as possible.

  • Regular Training: Ensure ongoing, engaging cybersecurity awareness training for all employees and board members.
  • Multi-Factor Authentication (MFA): Utilize MFA whenever possible to reduce account compromises.
  • Up-to-Date Software: Keep all operating systems and software updated to minimize vulnerabilities.
  • Anti-Malware and Endpoint Protection: It should go without saying, but antivirus is crucial for all devices.
  • Password Managers: Encourage the use of tools like 1Password, LastPass, or Dashlane to promote strong, unique passwords for all accounts. Many free versions exist, including Apple Passwords and Google Password Manager.
  • Secure Messaging: For sensitive board communications, use encrypted messaging platforms such as Signal or Wickr.

To Infinity and Beyond

Protecting the inbox is no longer just an IT issue; it’s a critical responsibility for all. By fostering a vigilant culture, ensuring robust technical defenses, and preparing for inevitable incidents, boards and managers can dramatically reduce the risk of falling victim to email-based attacks. The most effective approach is proactive, practical, and persistent!

Jesse Flageolle serves as Integrator & CIO at Westwind Management Group, an accounting and management company dedicated to helping people live better lives! At Westwind, Jesse focuses on building a high-performing team dedicated to serving communities with excellence.




