General Safe Practices:

1. ALWAYS use a strong complex password to log into your Microsoft account (This is shared across your desktop login and VPN access as well). This is your first line of defense against bad actors who would want access to your email accounts and work accounts.
   
2. NEVER share your password or store it somewhere unsafe like an Excel/Word Document or somewhere physically accessible like a sticky note under your desk.
   
3. NEVER Send sensitive or personal information to someone you don't trust fully.
   
4. ALWAYS Send Secure Emails when handling confidential or sensitive information like Personal Identifiable Information (PII) and NEVER send this type of information to anyone other than those you fully trust.
5. ALWAYS follow the S.L.A.M method for identifying potentially bad emails (See below)

Following the S.L.A.M method for identifying emails:

1. S - Sender: Check WHO the email is from. Make sure the email address or "From" address looks legitimate. Watch for unfamiliar email addresses and misspellings or odd domains (Examples of possible threats: @microsft.com or @microsoft.notmicrosoft.com.na). If you are not sure if the person's identity is valid, send an email in a separate email thread directly to their trusted contact email to confirm it was them.
   
2. L - Links: Never click any links in potentially suspicious emails. Instead, hover over the email instead of clicking to preview its link address. Make sure the address does not lead to somewhere unknown or suspicious. If you do not recognize the site but trust the sender and confirm their identity, don't be afraid to ask them to clarify where the link intends to send them and for what purpose! Make sure these purposes align with your work goals.
   
3. A - Attachments: Never click, download or open any attachments for potentially suspicious emails. Some attachments such as Excel Documents, PDF Files and more can mask hidden code that bad actors can use to infiltrate your PC. If you do not know the sender or do not trust them, DO NOT interact with any attachments. If you do trust the sender but did not expect an attachment, do not be afraid to ask for clarification of its purpose and make sure it aligns with your work goals.
   
4. M - Message: Read the content carefully! Check for potential red flags such as Social Manipulation language like urging you to act, or implying some kind of threat if ignored. Social Manipulation often uses tactics to induce fear or anxiety to influence you to act. If you are ever unsure, don't be afraid to ask for a second opinion by submitting a ticket or reaching out to Michael@impactdf.org directly. In addition, make sure to check for poor grammar, generic greetings, or incorrect verbiage/language.