Am I the only one who questions people’s intelligence? Please tell me I’m not

Case in point…

I’m sitting at a red light. It begins raining cats and dogs. I notice a beautiful Mercedes convertible, with its top down, sitting in front of our high end jewelry store.

Suddenly, a women runs out of the store. Jumps in the convertible, rolls the windows up and locks the door. Does not put the top up! She then runs back into the store.

Thankfully the light turns green at this point. The logic of her actions escapes me….

Yours Faithfully,
R3b3l G33k

In the world of IT…Passwords Matter.

They keep our computers, data, and random trivialities secure. Each employee is provided their own username…they set the password…security at its most basic, right?

Well…in theory it works in that manner. Unless….

You have a group of people (whole department) who share their username/password with each other. They have it written down so each person can access their computer/email. The reasons?

“Well, we can’t do their work if they’re out sick or on vacation without. Now can we?”

“They need to be able to work my email. I hate reading them.” – This is the Manager of the departments statement

Part of me is dumbfounded. The other part of me remembers two of these users are in our hall of Infamous Clickers for failing in our Phishing Campaigns.

I am at a complete loss….

Yours Faithfully,
R3b3l G33k

Cybersecurity can be….entertaining.

Case in point…

Ran a phishing campaign on the whole company.

Every single employee opened the email.

Only 3 clicked on the link within the email. Here’s where it gets entertaining…

First Link Clicker submitted a ticket (WooHooo!). The ticket states:

“I received an email from ‘Internal Person’ but the link is broke. It takes me to some Phishing site. Can you take a look so I can get to the right site?”

Problem with this is:

1. She clicked on the link!
2. She didn’t read the landing page – If she would have read the ‘broken link’ page she would have discovered it was a page all about how she’d been Phished by IT – how to spot Phishing emails, and what to do if you click on the link, or enter credentials.

She did show us, definitively, who our weakest link is – pun intended.

 

Second Link Clicker did not submit a ticket (Boo!) but, they did come back to the office to report:

1. They received the email and thought it was suspicious.
2. Left it overnight because they thought it was suspicious.
3. Didn’t hear anything about the email being suspicious so…
4. Clicked on the link in the email to see what it was about but…
5. Wasn’t sure what to do since it didn’t take them to a log in page…

Oh, and did I mention this was all AFTER we (IT) had sent out an email about the ‘suspicious’ email. Telling everyone not to click on the link, and to delete it.

And there we have weak link number 2.

The third link clicker has not come forward. We will find them. We will catch them next time. We will smack their hands for clicking the link. For now though…the two above will go down in the hall of Infamous Clickers.

I can’t wait to send out the next campaign!

Yours Faithfully,
R3b3l G33k