What should individuals do with suspicious emails?

Individuals should notify the IT department when they encounter suspicious emails because this is a critical step in maintaining cybersecurity. The IT department often has protocols in place to investigate potential phishing attacks or other security threats. By reporting such emails, individuals help their organization respond quickly to potential risks, allowing IT professionals to assess whether the email is part of a broader attack that could affect others in the organization. This proactive approach contributes to the overall security posture of the organization and can prevent a successful breach or compromise.

Other actions, such as forwarding the email to colleagues, might inadvertently spread the threat, while deleting emails without reporting them could allow the potential security threat to remain unaddressed. Responding to clarify the request could expose the individual to more risks, as it engages with the potential attacker. Thus, notifying the IT department is the best course of action when dealing with suspicious emails.