Horne agreed that public WiFi while traveling is risky, but even WiFi at home presents security risks. "Make sure they are using a secure wireless connection. I am not a fan of wireless at home for security reasons. I know everybody uses it and has at least one or two access points. They should be setting them up to use some sort of encrypted communication."
On this point, Horne said, "There will likely be some push back, but it's strongly recommended to make sure that the connection is absolutely secure. It's often a hard sell, but worth the push."
A second mistake many executives make is in keeping massive local archives. "That's a high risk," said Horne. "They want to be able to readily access email for the last five to 10 years, but they need to have a more common sense retention policy for their email."
A good time frame for local archives is ideally anything under a year, said Horne, but sometimes that's just not possible. "One to three years, maximum, because a lot of times the risk is from a legal perspective. The executives want to keep the local archives, but don't understand the risk associated," Horne said.
Holding onto those archives could result in a forensic nightmare and have legal ramifications. "If the company policy is to retain only three years, but an executive has 10 years of email, that is then included as evidence, and the IT team is required to open them up from a discoverability perspective," Horne said.
Putting the company reputation first, adhering to policies and procedures, and having situational awareness when opening emails or clicking on links are the keys to better protection.
Wheeler advised, "If it seems suspicious and/or too good to be true, it is probably a legitimate cyber threat. Caveat emptor applies not only to buyers of physical goods/services, but also to users of cyber goods/services."