By Laura Baker, CyberWyoming
A lot of people in business have said to me “it is just email” when talking about losing their phone.
They don’t consider email an important risk to address.
But what they haven’t considered is that your work email has ALL of your contacts in it. If the phone was stolen, it would be VERY easy to craft an email like this from that phone and to infect your entire business network.
What if someone was able to use that work email address to send this malicious Excel file that looks like your SharePoint system to everyone in the company?
And what if this file installed ransomware or a virus that tracks keystrokes?
What if the email looked like it came from your Finance or Accounting Department and mimicked previous emails they had sent?
Employee email education is very important – and it isn’t just how to spot a fake, because people make mistakes.
Employee email education is simple steps like calling to make sure an email is real and creating a culture in your organization where security awareness is complimented and appreciated.
Imagine a phone call to the finance department about this email.
What if your company had a policy to encourage a security aware culture and, because you noticed something was off, you get a $5 gift certificate from Starbucks to honor your commitment to security.
THAT is what security is about, creating that culture where people thank you for noticing something that is just a little bit different.