Re: Email Banner

["Fowler, Becky Thurmond" <becky () MISSOURI EDU>]

We just did this last week and it's been really difficult.  End users hate it because our banner takes up all of the 
preview space on mobile devices and in mail clients.  They also quibble with our wording.  And we had a number of 
requests to whitelist external senders that are clearly external but are in some kind of business relationship with us, 
so now we're in the middle of exception request hell.

Our current banner is this:

WARNING: This message has originated from an External Source. This may be a phishing expedition that can result in 
unauthorized access to our IT System. Please use proper judgment and caution when opening attachments, clicking links, 
or responding to this email.

We're considering shortening it or going to subject line tagging.  It's a work in progress.
Becky


Becky Fowler
Interim Chief Information Security Officer
Division of IT
University of Missouri

From: The EDUCAUSE Security Community Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Blake Brown
Sent: Wednesday, June 24, 2020 11:18 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Email Banner

External Email: Do not click any links or open any attachments unless you trust the sender and know the content is safe.
We implemented this last year along with follow up communications on the how and why of it. This small change has 
provided a noticeable improvement with end user security and reduced link clicking on external emails. Like others we 
had a small group who did not like it but the net effect was positive.

~Blake

________________________________
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Boyd, Daniel <dboyd () BERRY EDU<mailto:dboyd () BERRY EDU>>
Sent: Wednesday, June 24, 2020 8:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Email Banner

External Email

We have implemented an external email banner, as you can see below. While it has not made huge improvements in user 
behavior (and some users will just never "get it") it has made a positive impact and I have (non-OIT) users who mention 
the fact that "that email had the big yellow banner on it" when discussing the validity of a given email.



I see it as another layer, but definitely not a silver bullet and there of course have been complaints leveled at it 
due to the fact that users can't preview emails in the email list anymore because many emails start with the banner so 
they all look the same until they are opened.



But net positive effect so far.



Dan





Daniel H. Boyd (94C)
Director of Information Security

Office of Information Technology

Information Security Advisory Group Chair
Berry College
Phone: 706-236-1750
Fax:     706-238-5824

https://infosec.berry.edu<https://infosec.berry.edu/>

There are two rules to follow concerning your account passwords:
1. NEVER SHARE YOUR PASSWORDS WITH ANYONE (EVEN OIT!!!!)
2. If unsure, consult rule #1



Information Security wants to know what you want to know about! If there is a topic within information security you 
would like to know more about please let me know using any of my contact information above.







From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Ballister, Mark
Sent: Wednesday, June 24, 2020 10:53 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Email Banner



CAUTION: This email originated from outside of the Berry College organization. Do not click links or open attachments 
unless you know the content is safe. Email infosec () berry edu<mailto:infosec () berry edu> if in doubt.

Good afternoon,



I am looking for information on who has implemented an external email banner and who has not.  For those that have, 
have you seen an improvement in user behavior around phishing?  Thank you for your time.



Thank you,

Mark



Mark J. Ballister, CPP | CISM | CISSP

Chief Information Security Officer (CISO)

University of Rochester

(585) 276-6200 (Office)

(585) 472-2361 (mobile)



[UR.4col.v2]



**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community