Email Security

3 Ways an Email Feedback Loop Boosts Security Awareness

Adrien Gendre

June 18, 2020

11 min

Reporting an email threat is one of the most important steps users can take to help secure their businesses and ultimately their jobs. Unfortunately, many users don’t report, and the business is left unaware that phishing and spear phishing emails are transiting through their email. An integrated email feedback loop provides a no-hassle solution for reporting email threats with one click. But it’s more than a reporting tool. It provides three other critical benefits that help increase security awareness.

1. Empowers users to become better reporters

Hopefully, you’re providing some kind of training to improve security awareness, particularly phishing training, which is highly effective at reducing clicks on phishing links. But training is typically periodic, sometimes even sporadic, and security awareness needs to be top of mind at all times. With a feedback loop, users have a tool that is directly integrated into their email and requires little more effort than clicking a “junk” or “phishing” button in Microsoft Outlook. By removing barriers to reporting, such as installing a third-party plugin, users are more likely to report and report more frequently.

2. Involves users in cybersecurity

Do your users know how reported email threats are used to improve cybersecurity? They might think that clicking “junk” simply moves an email from the inbox to the junk folder, while more technical users probably think that someone on the IT team simply blocks the email address and goes about their day. The reality is not so simple.

Email filters are more intelligent than ever, thanks to artificial intelligence. But machines are only as smart as humans allow them to be. They need data provided by humans to train them. Users who know that they can have a direct impact on the efficacy of a technology are more likely to provide feedback that AI algorithms need to get smarter.

3. Reinforces cybersecurity vigilance

Most users are reactive when it comes to email threats: If they receive a threat and recognize it for what it is, they will (hopefully) report it. This is where manual reporting via an email to IT solves the immediate danger to the organization, but it doesn’t have the same long-term value in terms of improving the filter. Additionally, manual reporting can be laborious and often results in an “I’ll get to it later” response that is typical with users who lack security awareness. While the user sits on the phishing email, it will continue transiting to more users, some of whom might click on a phishing link.

Cybersecurity requires vigilance and a proactive approach to threat detection. An integrated feedback loop that is visible in a user’s email platform helps to keep email security top of mind, which builds habit-forming security awareness. It’s a constant reminder to remain vigilant and ready to respond.

The Vade Secure Feedback Loop

Because it’s not possible for an email filter to catch 100 percent of threats, your users are your last line of defense when threats break through. If only one of your users reports the threat, the attack can be stopped. The question is: How much time will elapse between opening the email and reporting it to IT?

Vade Secure for Office 365 is natively integrated with Microsoft 365, with an email feedback loop that connects directly to the Vade Secure SOC via Microsoft Outlook. When a user receives a suspicious email, they can report the threat to the Vade Secure SOC by clicking the “Junk” or “Phishing” buttons in Microsoft Outlook. Vade’s SOC uses the feedback to mitigate the threat, adjust heuristic rules, and train our machine learning and computer vision algorithms. It removes barriers to reporting and provides a one-click solution that could mean the difference between a malicious email being reported in a matter of minutes and a matter of hours or days.