I know some place where the phishing emails were immediately spotted by the employees because the ceo has awful punctuation and grammar, the phishing email looked too clean to be real lmao.
Believe it or not, the IRS doesn’t accept Best Buy gift cards as payment. Crazy. Right?
Well then I’m glad I paid them with iTunes gift cards.
They just got pissed when I told them I only had 20% off Sizzler buffet coupons.
I know it’s different as this is about business security, but my favorite is when people think the Sheriff or the IRS is demanding payment in eBay gift cards.
My favorite is an email attachment called Totally Important Document.zip and the antivirus wont let them open it, so they open a ticket requesting to turn off the antivirus because its impeding their work.
Don’t show them the email in the first place, seems like an IT problem to me 🤷
New threats slip through, it will always happen. It’s why user training is an important part of security for a company.
It’s not a case of if there will be a security incident but when, you can only limit the likelihood and damage.
Modern day reliability and security best practices are based on planning for failures assuming they are all inevitable.
Back in the old days we would just assume everything is going to work out but that just isn’t sustainable now with how complex and expansive systems have become. Basically, there are too many moving parts to account for every single possibility so people should expect systems to fail and know how to react when it happens.
Then IT should expect users to fail, it’s the thing they’re best at