What is the biggest factor when determining the legitimacy of an email?

The sender45%

Spelling Errors38%

Relevancy / Personal Details13%

Other (Share below)2%

541 PARTICIPANTS

3.5k views4 Comments

Director, Information Security in Education, 1,001 - 5,000 employees

A combination of the sender and relevancy/details with a bit more emphasis on the latter. I’ve seen enough accounts compromised (or spoofed with insufficient SPF/DMARC) that sender alone isn’t reliable.

Spelling or grammar may be helpful but the context of the relevancy is more important there. Someone may not be a native English speaker or they may be neurodivergent, explaining such. However, if the message is supposedly an automated message from a bank, a government agency, etc spelling and grammar are helpful. Less so when sent from individuals.

Director of Technology Strategy in Services (non-Government), 2 - 10 employees

That it was expected.

Head of IT and Security in Finance (non-banking), 51 - 200 employees

All of the above!

Director in Manufacturing, 1,001 - 5,000 employees

Add SMTP full address to the list

SMTP header for actual domain that sent it. In the olden days you could look at a message header easily and see that it cam from a false domain or used an unsecured SMTP relay host.

Content you might like

Generally speaking, are you feeling optimistic about the state of DEI in cyber? Interested in hearing your reasons in the comments.

Security & GRC Talent Sourcing & Hiring Culture & Values

Yes – very optimistic!32%

Yes – mildly optimistic.55%

No6%

I’m not sure6%

259 PARTICIPANTS

2.9k views1 Upvote

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

142 19 Replies

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRC Threat & Vulnerability Management

ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees

I would definitely suggest this based of how you categorize your types of data/systems and information being stored in certain parts of your data center. I think it’s really dependent on the size of your organization and ...read more

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data.

Security & GRC Regulatory Compliance

61 views

What's your favorite way to communicate when using a messaging service?

People & Leadership End-User Services & Collaboration Culture & Values +5 more

Text64%

Audio24%

Video10%

Emojis only!2%

312 PARTICIPANTS

2.7k views1 Upvote3 Comments