Boosting IT security is a challenge and can keep us up at night. I saw this post on LinkedIn today, and I’d love to share my approach with you.
For sure the CEO is ultimately responsible since they are “steering the ship”. But what’s the front door for malware? What makes up the majority of the attack surface? The user. We all are part of the attack surface. We all share some of the responsibility.
In one role, we were able to significantly boost the effectiveness of our IT security and antivirus software with “organic augmentation”.
What did we do? 😎
We turned it into a game. We made it fun.
It started by chance when a colleague forwarded me an email which they suspected of being a phishing mail. Not the safest of approaches, but it was the start of something wonderful!
If I remember correctly, I did reply personally, but then I crafted a message which I sent company wide.
I used screenshots, some gentle humour and sarcasm, to highlight the telltale signs of a phishing email. I signed off with memes of RDJ or Luke Skywalker saluting. And most importantly, I praised – read that again – I praised the employee for spotting the suspicious email.
Very quickly I was getting almost daily submissions as attachments or screenshots. Each email was dissected fully and shared with the company. I exposed grammatical errors, out-of-date logos. By hovering over a link, I would take a screenshot of the exposed hyperlink – they never matched the text! 😁
Because we used an in-house file sharing platform, we could immediately discount anything referring to “your new pay-deal is in Sharepoint”.
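The two checks described above (link text that does not match the real hyperlink, and a reference to a tool the company does not actually use) can also be automated. The following is an added example, not code from the original post: it parses a constructed sample mail with Python's standard library, flags anchors whose visible text names a different host than the href, and flags mentions of impersonated services that are not on a hypothetical approved-tools list (the `APPROVED_TOOLS` and `KNOWN_SERVICES` sets and the sample HTML are assumptions for illustration).

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of the kind of mail the post describes: the visible link
# text claims one domain, the real href points elsewhere, and the body refers
# to a service the company does not use. Not a real message.
SAMPLE_HTML = """
<p>Your new pay-deal is now available in Sharepoint.</p>
<p>Click <a href="http://login-portal.example.net/sp">https://sharepoint.example.com/pay</a> to view it.</p>
<p>Questions? Visit <a href="https://intranet.example.com/help">our help page</a>.</p>
"""

# Hypothetical: the tools actually approved in-house (an assumption).
APPROVED_TOOLS = {"intranet file share"}
# Services that phishing mails commonly impersonate; a mention of one that is
# not approved internally is a cheap, high-signal indicator.
KNOWN_SERVICES = {"sharepoint", "dropbox", "onedrive", "docusign"}


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value):
    """Lowercase host of a URL, or of bare text that looks like a domain."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def find_mismatched_links(html):
    """Links whose visible text is a URL/domain on a different host than the href."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        shown = host_of(text)
        # Only compare when the visible text itself looks like a domain;
        # "our help page" makes no claim about where the link goes.
        if "." in shown and shown != host_of(href):
            findings.append({"shown": shown, "actual": host_of(href)})
    return findings


def find_unapproved_tool_mentions(html):
    """Impersonated service names mentioned that are not approved in-house."""
    text = html.lower()
    return sorted(s for s in KNOWN_SERVICES - APPROVED_TOOLS if s in text)


if __name__ == "__main__":
    for f in find_mismatched_links(SAMPLE_HTML):
        print(f"link text says {f['shown']} but goes to {f['actual']}")
    for tool in find_unapproved_tool_mentions(SAMPLE_HTML):
        print(f"mentions {tool}, which is not an approved internal tool")
```

Run on the sample it reports one mismatched link (`sharepoint.example.com` shown, `login-portal.example.net` actual) and one unapproved tool mention. The host comparison deliberately stays simple: it is the same check as hovering over a link, just done for every anchor at once, and it is meant to support the human reviewer rather than replace the habit of looking.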
We basically crowdsourced part of IT security.
And it worked. Nearly 100 employees globally and over 5 years only compromised user.
- Have clear processes and approved internal tools. This reduces the attack surface because it excludes the spoofing of other tools.
- Be human. Promote the “We are in this together” mindset. It doesn’t matter what your role is in the company. Be kind and supportive.