Mark Anderson and Libby Powers chat about the importance of employee training when it comes to your business’s cybersecurity. Even the most protected network is vulnerable when bad actors are unwittingly given access. Libby shares a personal story of getting phished, and the consequences of a single click.
Mark Anderson: Hi, everyone! Welcome to another edition of Byte-Size Tech. I’m Mark Anderson, and I’m joined today by Libby Powers. We’d love to talk to you in this episode about why your employees’ cybersecurity knowledge is so incredibly important. You know, we in the IT world can put up all the different proper layers of defense for a particular business, but if an employee is tricked into believing something is true, that truly is a spear phishing attempt. All of those layers of defense are completely unwound. So we’re going to ask Libby to relay a story that actually happened to her not too long ago. Why don’t you just dive into it, Libby?
Libby Powers: It’s kind of a long story, so I want to make it short. Essentially, I was working from home for a very long time at another organization. I had gone into the office for the first time in over nine months. I log into my email, and the first email I clicked on was somebody from somebody I trusted, and within that email was a link. I clicked on the link.
Mark: It seemed very believable.
Libby: Oh, totally. It was about a report, it said my name, there was no weird formatting or bad grammar. I clicked on the link and, essentially, it took me to a Microsoft page to enter my credentials. Well, little did I know, that’s where the phishing happened. So I entered in my credentials, not even thinking twice, because I just thought I’d been home. It seemed normal.
Mark: Like Microsoft’s 365 login page, right?
Libby: Yeah, it looked just like it. I just went about my day, and at the end of the day, I looked up, and all of a sudden, I’m getting all these second after second after second, automatic replies. out of offices, that kind of thing. What happened is I clicked on a phishing email that was sent over to [the phishing actors]. They then logged in to my Outlook as me and sent it to over 3000 contacts which were my clients and other colleagues at the organization I was working at, so they all were phished as well.
Mark: You kind of get a lump in the pit of your stomach when that occurs, don’t you?
Libby: When I found out that it took our CTO and some of our other IT people an entire day to fix that one little click that I did, it was a pretty sickening feeling. It was not fun. You never want to be that person.
Mark: What kind of lessons learned would you say you took away from this experience?
Libby: I think it’s really valuable to train your employees on what to look for, and just how they can be vigilant. Phishing is becoming a very valid thing again because cyber criminals can pivot so quickly. They’re now doing it through text messages. They’re doing it through voice messages, emails. There’s so many different ways that these criminals can be super savvy. And you, just being a regular person…
Mark: We’re all so busy, living busy lives, we don’t have time to really deep dive into each email that we get. Is this legitimate? Is it not?
Libby: At Anderson Technologies, we truly, truly believe that training your employees is something that’s really important. Whether you do it through us or whether you do it through another source, train your employees. It’s going to help you 100% in the long run.
Mark: It pays huge dividends. Okay, thank you so much, Libby, for sharing that with us. And hopefully, you were able to take a lesson learned from that. We look forward to seeing you on another episode. Thanks, guys. Bye.
Libby: Thanks, Mark. Bye.