You walk in the door in the morning to the usual pile of unread emails and scan them for “important names” first to ensure you keep in the good books (we all do it, don’t worry!). You notice you’ve got a meeting invite from your boss titled “Annual Review” – now, I’m guessing you’ll be thinking one of two things:
1. Sweet, it’s about time, let’s do this! You click the accept button multiple times just in case; or
2. Damn it, my lazy butt has finally been caught up with... you hover over the accept button for a while and then begrudgingly click.
You carry on with your day: the usual coffee trips, keeping yourself up to date with the latest news stories online, processing some ECAs, completing some analytics, paying the vet’s bill you forgot, arranging a few meetings, continually retyping your username and password into the multitude of applications for the 50th time that day (damn that auto lock!), and so on.
Later that day, you bump into the boss: “Hey Boss, nice to see you. Looking forward to the annual review. Really do appreciate the opportunity to discuss my performance.” The boss looks confused.
“Wait, what review?”
“The annual review you are doing with all the staff, we’re all super excited,” ...and then the realisation sets in. You run back to your desk or to the IT department as if you’re in some race against time... someone else won this race.
The chances are you’ve just been “phished” – the list of things the bad guys can do once you’ve clicked is very long and very scary!
I’m not here to tell you all the gory details, the hundreds of different “phishing techniques” or tell you how to fix everything, but it is my opportunity to get your attention and ensure you know that you can win this fight yourself. Yes, your IT or InfoSec departments, those email filtering systems, etc. will all help, but they cannot and will not be able to protect you 100%.
Use whatever superhero name you wish and wear whatever cape you want; the only thing you need to justify these choices is training and education. If your company is not already affording you this necessary training (84% of all email traffic in April 2019 was spam!), then do it yourself. Don’t be that person who clicks the link that kills your business.
We work in one of the most targeted industries in the world; this will never change. It’s the nature of the business, and as the threats to our industry change, we must be ready!
There is plenty of content available out there which provides free education, training videos, etc. It would be unfair of me to recommend anything directly as I haven’t tried them all, but, if you aren’t already doing this, please do.