🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
Security Awareness Coming Soon

SA Email Communication Security

Participants learn essential email and messaging security practices, identifying phishing, data leakage, and business email compromise threats, and applying safe handling policies to protect corporate information.

Who Should Take This

The course is intended for all corporate staff who regularly send, receive, or store information via email or messaging platforms. It suits employees with limited technical background who need practical guidance to recognize scams, follow data‑handling policies, and make safe communication decisions daily.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

63 learning goals
1 Email Security Fundamentals
2 topics

Email encryption and secure transmission

  • Recognize when email encryption should be used, including when sending sensitive data, PII, financial information, or confidential business documents.
  • Describe the basic concept of email encryption and how it prevents unauthorized parties from reading email contents during transmission and storage.
  • Explain the purpose of digital signatures in email and how they verify the sender's identity and confirm the message has not been altered in transit.
  • Identify the organization's approved methods for encrypting email, including built-in encryption features, secure email portals, and encrypted attachment tools.
  • Describe what the encryption indicators in your email client look like (lock icons, certificate warnings) and what they mean about message security.

Secure file sharing

  • Recognize when files should be shared via the organization's approved secure file transfer service instead of as email attachments.
  • Describe the risks of sending sensitive files as unencrypted email attachments, including interception, forwarding to unintended recipients, and lack of access revocation.
  • Explain the advantages of link-based file sharing over attachment-based sharing, including access controls, expiration dates, download tracking, and permission revocation.
  • Analyze a file sharing scenario to determine the appropriate method (encrypted attachment, secure link, portal upload) based on data sensitivity and recipient.
  • Identify the risks of using personal file sharing accounts (personal Google Drive, Dropbox) for transferring work documents to external parties.
2 Sensitive Data in Communications
3 topics

Data classification in email

  • Recognize the categories of sensitive data that require special handling in email, including PII, PHI, financial records, credentials, and trade secrets.
  • Describe the organization's data classification levels (public, internal, confidential, restricted) and how each level determines permitted communication channels.
  • Identify examples of accidental sensitive data exposure in email, including credit card numbers in plain text, passwords in message bodies, and SSNs in unencrypted attachments.
  • Explain the role of email classification labels and sensitivity markers and how to apply them correctly before sending.

Credential and authentication data

  • Recognize that passwords, API keys, access tokens, and other credentials must never be sent via email, chat, or any unencrypted communication channel.
  • Describe approved methods for sharing credentials when necessary, including password managers, secure vaults, and temporary one-time links.
  • Explain why taking a screenshot of credentials and sending it via messaging creates a persistent, searchable record that can be discovered by attackers.
  • Identify the risks of storing credentials in email drafts or sent items and explain why this is equivalent to writing passwords on sticky notes.

Recipient verification

  • Recognize the risks of email auto-complete suggesting incorrect recipients, especially when internal and external contacts share similar names.
  • Describe the importance of verifying all recipients in the To, CC, and BCC fields before sending emails containing sensitive or confidential information.
  • Explain the risks of using Reply All on emails with large distribution lists and how this can inadvertently expose sensitive information to unauthorized recipients.
  • Analyze a misdirected email scenario to determine the severity of the data exposure, identify notification requirements, and recommend corrective actions.
  • Describe the correct immediate steps when you realize you sent sensitive data to the wrong recipient, including recall attempts and notifying your security team.
3 Business Email Compromise and Fraud
2 topics

BEC attack recognition

  • Recognize business email compromise (BEC) attacks where attackers impersonate executives, vendors, or partners to request wire transfers, gift cards, or credential changes.
  • Identify common BEC indicators, including slight email address variations, unusual urgency, requests to bypass normal approval processes, and out-of-character language.
  • Describe how attackers research organizations using LinkedIn, social media, and public filings to craft convincing BEC emails that reference real projects and relationships.
  • Explain the financial and legal consequences of successful BEC attacks, including unrecoverable wire transfers, regulatory penalties, and reputational damage.
  • Analyze an email claiming to be from the CEO requesting an urgent wire transfer to determine whether it is a BEC attack and identify the verification steps to take.

Invoice and payment fraud

  • Recognize invoice fraud schemes where attackers send fake invoices or modify legitimate vendor payment details to redirect funds.
  • Describe the verification procedures for payment changes, including calling vendors at known numbers, requiring dual authorization, and using established change request forms.
  • Analyze a suspicious vendor email requesting bank account changes to determine whether it is legitimate and identify the appropriate verification steps.
  • Identify gift card scams where emails impersonate managers requesting employees to purchase gift cards and send the codes via email or text.
  • Explain why payment-related email requests should always be verified through a separate communication channel such as a phone call to a known number before any action is taken.
4 Messaging Platform Security
2 topics

Collaboration tool security

  • Recognize that messages and files shared in Slack, Teams, and similar platforms are stored and searchable, making them potential targets for data breaches.
  • Describe the security implications of public versus private channels and why sensitive discussions should use private channels with restricted membership.
  • Identify the risks of sharing sensitive files in messaging platforms without access controls, including persistent availability, forwarding, and unauthorized downloads.
  • Explain why external guest accounts in collaboration platforms should have limited access and why their permissions should be regularly reviewed and revoked when no longer needed.
  • Describe the risks of integrating third-party bots and apps into messaging platforms and why each integration should be approved by IT security.

Video conferencing security

  • Recognize the security risks of video conferencing, including meeting bombing, unauthorized recording, screen sharing exposure, and background information leakage.
  • Describe secure video conferencing practices including using meeting passwords, enabling waiting rooms, controlling screen sharing permissions, and locking meetings.
  • Explain the risks of sharing meeting links in public forums and how attackers can use intercepted meeting invitations to join confidential discussions.
  • Identify the risks of recording video meetings without consent and describe the legal and policy requirements for meeting recording and storage.
  • Analyze a video conferencing security incident where an unauthorized participant joined a confidential meeting and determine the corrective actions needed.
5 Email Hygiene and Forwarding Risks
3 topics

Forwarding and auto-reply risks

  • Recognize the risks of auto-forwarding corporate email to personal accounts, including data leakage, compliance violations, and loss of organizational control.
  • Describe how out-of-office auto-reply messages can reveal organizational information to attackers, including reporting structure, travel schedules, and alternative contacts.
  • Explain best practices for out-of-office messages, including limiting detail for external recipients, avoiding specific dates, and not disclosing backup contacts publicly.
  • Identify the risks of forwarding email threads that contain sensitive historical messages hidden below the visible content.
  • Analyze an out-of-office message to identify information that could be exploited by attackers and recommend a safer alternative.

Email retention and deletion

  • Recognize the organization's email retention policies and understand that emails may be subject to legal hold, compliance requirements, and discovery requests.
  • Describe the risks of hoarding old emails containing sensitive data and how archived messages increase the organization's exposure in a breach.
  • Explain why deleting emails during a legal hold is prohibited and can result in severe legal penalties including adverse inference and sanctions.

Mailing lists and distribution groups

  • Recognize the risks of sending sensitive information to large distribution lists where not all members need or should have access to the content.
  • Describe the importance of regularly auditing mailing list membership and removing former employees, departed contractors, and external parties no longer involved.
  • Explain how attackers can exploit external mailing list archives to harvest email addresses and organizational intelligence for targeted phishing campaigns.
6 Shadow IT and Unapproved Communication Tools
2 topics

Recognizing shadow IT communications

  • Recognize what shadow IT communication tools are and identify common examples, including personal WhatsApp, Signal, Telegram, and unapproved project management apps used for work.
  • Describe the security and compliance risks of using unapproved communication tools, including lack of encryption controls, data retention gaps, and audit trail absence.
  • Explain why using personal email accounts for work communication creates data sovereignty issues, complicates incident response, and violates data handling policies.
  • Analyze a scenario where a team has adopted an unapproved messaging tool for convenience and evaluate the security risks and recommend a path to using approved alternatives.

Approved tool awareness

  • Identify the organization's approved communication tools for different sensitivity levels and purposes, including email, messaging, file sharing, and video conferencing.
  • Describe the process for requesting approval of a new communication tool and why IT security review is necessary before adopting new platforms.
  • Explain why AI-powered email assistants and writing tools may process email content through external services and require security review before use.
  • Synthesize communication security principles to select the appropriate approved tool and security settings for a given business communication scenario.
  • Synthesize email security, messaging platform security, and data classification concepts to develop a personal communication security checklist for daily use.

Scope

Included Topics

  • Email security awareness for general corporate employees, covering encryption awareness, digital signatures, and secure file transfer practices.
  • Handling sensitive data in email communications, including PII, credentials, financial data, and protected health information.
  • Messaging platform security for Slack, Microsoft Teams, Zoom, and other collaboration tools used in the workplace.
  • Email forwarding risks, auto-reply information leakage, out-of-office message security, and mailing list exposure.
  • Shadow IT communication tools, unapproved messaging apps, and the risks of using personal communication channels for work.
  • Business email compromise awareness, invoice fraud detection, and executive impersonation via email.
  • Practical scenario-driven training focused on secure communication decisions employees face daily.

Not Covered

  • Email server administration, Exchange or Google Workspace configuration, DMARC/DKIM/SPF setup, or mail relay management.
  • Network packet analysis, email header forensics, or advanced phishing analysis techniques for security professionals.
  • Cryptographic protocol internals including TLS handshake details, S/MIME certificate management, or PGP key server operations.
  • Data loss prevention system deployment, rule configuration, or DLP policy authoring (IT security team responsibilities).
  • Legal discovery and e-discovery processes beyond basic retention awareness.

SA Email Communication Security is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified