picard102
Senior Member
I used to just let those training videos play muted in the background, and sent all the phishing tests straight to the trash instead of reporting them.
2 It admin storiesThe bank I work for does the random email tests, apparently there's a 80 percent pass rate which now requires not only not clicking the links, but also to actively report it as phishing too (there's a click button in Outlook they added for that).
More recently they've been doing phone tests too, with people calling in doing the old "Oh hi it's [insert name of actual employee] here. I'm rushing from a meeting to another right now with [insert actual client name] so can you quickly give me their account number so I can look it up on the system?"
if your company has a "production network" like the platform that serves customers they have a few optionsI assume this is not practicable in all cases, but couldn't at least some of these cases be prevented by having a separation between employee work computers, and computers that have critical systems on them?
At my thankfully soon to be former job, it's pretty much anarchy when it comes to the computer system. As long as your site of choice is not blocked by the content filter you can pretty much go on to whatever site you want, and the same computers that are used by managers to access databases, trainings, emails, are also used at break times by employees who browse the internet casually. It seems to me like this is a great way to cause a cyber problem one day, but hey, that's just me...
Yeah - air-gapping would make a lots of people’s jobs ridiculously harder. If you were annoyed about slowdowns before, imagine what would happen if you could only access email on a separate computer, and had to transfer things explicitly to a production computer/system. It’d be nutso.I mean you could air gap them, but that's not really practical in these kinds of environments.
At my work the data is on infrastructure so old that only IT knows how to access it, and thus no one ever uses it. So I guess that's some kind of protection.
Yeah - air-gapping would make a lots of people’s jobs ridiculously harder. If you were annoyed about slowdowns before, imagine what would happen if you could only access email on a separate computer, and had to transfer things explicitly to a production computer/system. It’d be nutso.
I suspect the best we can do is more automated flagging, and really drilling into people that if you get an urgent ask from someone unexpected…reach out to that person out-of-band and confirm. That’s why banks tell you that if you get a text from them, call the number on the back of your card, for example.
Doesn't even need to be an urgent ask, outside facing positions like accounting or receptionists, heck even HR if they publicly list their emails for application resumes can all have a legitimate way of receiving a payload1. Someone in a position of authority or that you know
2. Urgency
3. Call to action
Three flags to watch out for. It can happen to us all. When in doubt, slow down and try reach out to (1) before taking action.
After hours?Doesn't even need to be an urgent ask, outside facing positions like accounting or receptionists, heck even HR if they publicly list their emails for application resumes can all have a legitimate way of receiving a payload
Just how does one manage to get hit by a large, slow, lumbering, highly visible streetcar that travels on a predictable path??
Slow walker who doesn't look to see if it is safe to close the street and thinks streetcars can stop on a dime. Some of those slow, lumbering, highly visible streetcar that travels on a predictable path are speedster and unable to stop on that dime. Without knowing all the facts, its only guessing as to what took place for this to happen.Just how does one manage to get hit by a large, slow, lumbering, highly visible streetcar that travels on a predictable path??