SANS Assessment of Student Learning Plan (ASLP) Security Awareness Training

Forwarding the suspicious email to IT support is the advisable action because it allows trained professionals to analyze the email for potential threats. IT support can investigate whether the email is part of a phishing attempt or other malicious activity that could compromise the organization's security. By notifying IT, the employee helps in the broader effort to protect both personal and organizational data. Taking immediate action without due caution, such as replying to the email or providing information, can lead to personal data breaches or other types of cyber attacks. Deleting the email without reading does not provide the opportunity to alert IT to a potential threat, which could leave other employees vulnerable if the email is circulated among them.