this post was submitted on 16 Jun 2024
422 points (98.6% liked)
Cybersecurity - Memes
My company started with mandatory cybersecurity trainings for all employees. The training tool sends out automated emails to remind you when you have to do a new part of the training.
These emails, from a cybersecurity course, followed all the rules of being a phishing email:
IT decided to fix that by adding a line to the emails that this email is really from our company. Like a phisher wouldn't think of saying "nah, trust me bro, I'm totally legit".
The correct solution to this is to have the training emails say to log in to take the training, no link in the email at all.
A better way would be to have the link be to the company's webserver which could then redirect to the external course.
I offered to set this up for my company (it's not that hard) but nah, they went with telling everyone to click on a link to an unfamiliar site to learn about why they shouldn't click on links to unfamiliar sites.
Then you are still trusting people to hover the link before clicking, which from what I've seen isn't the best. Though there is the added benefit of using this as additional training to hover...
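
The redirect suggested earlier in this thread (a link on the company's own web server that forwards to the external course), sketched as an added example that is not from any commenter. The hostname `training-vendor.example`, the `/training/<id>` path and the course IDs are assumptions; the destination is looked up from a fixed table and never taken from the request, so the company link cannot be turned into an open redirect.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Constructed mapping: short training IDs -> fixed external course URLs.
# The vendor hostname is a placeholder, not a value from the thread.
COURSES = {
    "phishing-101": "https://training-vendor.example/courses/phishing-101",
    "passwords": "https://training-vendor.example/courses/passwords",
}
ALLOWED_HOSTS = {"training-vendor.example"}


def resolve(path):
    """Return (status, location) for a request path like /training/<id>."""
    # Only the path is used; any query string (e.g. ?next=...) is ignored.
    segments = [s for s in urlsplit(path).path.split("/") if s]
    if len(segments) != 2 or segments[0] != "training":
        return 404, None
    target = COURSES.get(segments[1])
    if target is None:
        return 404, None
    # Defence in depth: refuse to redirect if the table itself was edited
    # to point at a non-HTTPS URL or a host outside the allowlist.
    parsed = urlsplit(target)
    if parsed.scheme != "https" or parsed.hostname not in ALLOWED_HOSTS:
        return 500, None
    return 302, target


class Redirector(BaseHTTPRequestHandler):
    def do_GET(self):
        status, location = resolve(self.path)
        self.send_response(status)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", "0")
        self.end_headers()


if __name__ == "__main__":
    # Bound to localhost for a local trial run only.
    HTTPServer(("127.0.0.1", 8080), Redirector).serve_forever()
```
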