ATHENS, W.Va. – In an increased effort to secure Concord University (concord.edu) email accounts from phishing and malware attacks, Concord Information Technology (IT) has now enabled a new security feature recently made available by Microsoft.
Due to requests from many organizations that use Office 365, including Concord, Microsoft has added a feature that allows an email administrator to selectively control the availability of SMTP (simple mail transfer protocol) down to an individual account level, rather than all-or-nothing. This allows Concord IT to improve email security and safety for users and systems by reducing risk of spreading SPAM.
This security feature is important because most individual users don’t require SMTP to send mail. In fact, having SMTP enabled on user accounts increases the likelihood that phishing attacks or malware like viruses are able to spread by email after an account is compromised. A user might not even be aware that their SMTP-enabled email account has been compromised. By activating the new feature, Concord IT has been able to deactivate SMTP selectively on those accounts that don’t need it.
Having SMTP disabled increases security of an email account. If an email account is compromised, SPAM or phishing emails are much less likely to be sent through the campus mail server under that account.
However, some systems still require SMTP. Most back-end systems like multifunction copy machines and server software send email using SMTP and authenticate using a system account. Since these systems don’t use Outlook, they must use a system level mail protocol like SMTP to send email.
System level accounts are routine targets for cyberattack. But, because access to their passwords are strictly controlled and they are not a standard human driven email account, they are not likely to be compromised through phishing.
Additional measures can be taken by email users to help secure their accounts. For instance, unexpected attachments should be avoided. If an attachment is received that is not expected, it shouldn’t be opened or downloaded.
Several more helpful tips and precautions have been posted on Concord IT’s Facebook page at https://www.facebook.com/ConcordUniversityIT
Sarah M. Pritchett
Office of Advancement
PO Box 1000, Athens, WV 24712
(304) 384-6312, firstname.lastname@example.org
After 4 p.m.