Two Scenarios

A few weeks ago, a massive phishing attack was unleashed, seemingly within a small window. It made security experts stop and pay attention. Let me paint two scenarios for you.

Scenario One

Several office mates pop into your office to say they just received an e-mail from you sharing a Google Doc. Your phone starts ringing. It’s a confused coworker saying they opened up the Google Doc, clicked through the permissions screen, and now want to know why they can’t find the document.

Uh oh. You never sent an e-mail to your coworkers. It looks like your account may have been compromised. You scramble to get the word out to folks to delete the e-mail and call the Help Desk if they clicked on the link.

You know there’s going to be some hoopla over this.

Google Doc phish

Scenario Two

The Help Desk gets a large influx of reports from users regarding an odd e-mail received from several other staff members about a shared Google Doc. They didn’t click on it because it seemed “off” to them.

You quickly put together a PSA to let the entire workforce know to be on the lookout for this e-mail. Your mail server team begins blocking new messages of this kind and deletes existing messages from mailboxes. The team also makes note of users whose accounts were sending the e-mail and submits that to the Help Desk, Information Security Manager (ISM) and/or Director.

Your Help Desk fields calls from users who clicked on the e-mail and provides technical assistance to recover their accounts. They also assist users whose accounts were sending out the e-mail. The ISM coordinates with team members to monitor for additional suspicious activity on affected accounts. An after-action report is completed at the end of the week, and the ISM or Director reviews it with the entire tech team and workplace stakeholders.

You can see that one scenario is ideal, while the other is not. In Scenario One, people outside of the tech team aren’t aware of phishing e-mails and there’s a sense of panic when an incident occurs. In Scenario Two, the majority of the workforce is aware, but some users still fall for the phish. However, the tech team has a plan in place to respond and recover. While security awareness doesn’t prevent all incidents, early reports of potential problems result in a faster response and recovery time.

I personally received several of these phishing e-mails within a ten minute window. Immediately, I contacted the senders. I called their numbers and talked to them. A couple were already aware and had been receiving reports from coworkers. One was out of the office, but I shared as much information as possible with the assistant so she could take it to her business manager.

-Michelle

This is the difference we want to bring to your workplace with security awareness. We’re not selling snake oil. We know that education and training can’t prevent every scam that’s going to come down the line. But we can help you get to Scenario Two, where the workforce is more likely to report suspicious activity and ASK before taking an action. We can provide security awareness content, a platform to put that content in front of your users, and a patient ear for your tech team on how to reach users.

If you haven’t had the opportunity to put together your own security awareness program, please consider us.
