Page 54 - Cyber Defense eMagazine - November 2017
P. 54
Consider this scenario:
Maria from accounting notices a suspicious looking email in her inbox and realizes it’s
likely a phishing email, so she doesn’t open it. Feeling proud that she spotted the email
before opening it, she moves on to the next task at hand. She figures since she didn’t fall
for it, there’s no need to do anything else. She never reports it.
Hackers often send out mass amounts of phishing emails – possibly to employees within
the same company – looking for the weakest link. So while Maria didn’t take the bait, her
coworker who receives a similar email the next day might. Reporting suspicious emails
allows IT and company leaders to create awareness around the issue.
What if Maria had fallen for the phishing email but still didn’t tell anyone? The
consequences could have been tragic. It’s important to create a workplace where people
feel open and invested. Instilling fear in employees for reporting cybersecurity issues
won’t help. Instead, offer an incentive or award. For example, give a special treat to
those who report a phishing email.
About the Author
Mary-Michael Horowitz is VP of sales and operations at Asylas, a security, privacy and risk
consulting firm located in Nashville, TN. She works with small- and medium-sized businesses to
align business goals and objectives with technology solutions that fit for today and plan for the
future.
54 Cyber Defense eMagazine – November 2017 Edition
Copyright © 2017, Cyber Defense Magazine, All rights reserved worldwide.