Harry Potter and The Prepared Employees
The Harry Potter series teaches youths and adults alike various life lessons across its collection of books and movies, but what can it teach us about security and more specifically, security in the workplace? The answer may surprise you. While you won’t see Harry, Ron, Hermione, or Dumbledore on their laptops or tablets around Hogwarts fending off digital attackers, you’ll have to use your imagination to understand how they’ve taught us to prepare for the worst. Sure, for us, it may not be as risky or dangerous as defeating a dark wizard, but in our Muggle (non-magic) world, jeopardizing the safety of our company’s and client’s security, is pretty risky.
“We must all face the choice between what is right and what is easy” – Albus Dumbledore
One of the greatest lessons J.K Rowling taught readers, is how important it is to do the right thing. Dumbledore said it best. Right and easy are not synonymous. Oftentimes, doing the right thing can also be the most difficult. This is where temptation and curiosity come into play for us. The employees of your business need to be trained and educated to know the difference between emails that are part of a phishing scam and those that are the real thing. True, the differentiation between the two is becoming increasingly more complex and it’s hard to tell the two apart sometimes. Therefore, when in doubt, it may be easier to just open that email and take your chances because you feel foolish being that paranoid over a simple email from a website you visit so often. It makes complete sense that you would get an offer from them. This is where you should heed Dumbledore’s words carefully. Yes, it’s much easier to open that email and download the offer in the link. But, it is not right. Odds are, you are opening the door for an attack.
Check it out: Email Security Best Practices For Employees
Preparing your employees as a leader of a company, can make the difference between smooth email communication and spending your day explaining to customers how their private information got into the wrong hands.
“Because that’s what Hermione does…when in doubt, go to the library” – Ron Weasley
Hermione is known for her cunning intellect and knowledge of everything taught at Hogwarts and more. You and your employees can learn a lot from her resourcefulness. Hermione is always prepared for the worst to happen and she manages to handle a situation with quick thinking and action.
When preparing your employees for a battle of the inbox scam, the best place to start is the training room. Gathering the gang together for an hour or so to discuss ways to keep the bugs out of the office computers is a much more effective use of time than you want to believe. An hour here may save you several hours or days down the road when you catch a virus or a large amount of data has been compromised. Offer visual examples of differences between fake emails and real ones. Seeing enough false offers will eventually send red flags when they go to open their emails at their desk and realize something is off.
Check it out: 7 Tips for Your Employees to be Able to Identify and Avoid Risks Video
Educating your office staff about different types of threats that face their technology and the information stored on devices is critical to understanding how to combat these threats. Company technology needs to be protected with a strong firewall and advanced security to match threats, but aside from the technology, oftentimes, employees are a major source of vulnerability.
Employees that don’t know any better will take the bait. And this isn’t completely their fault if they aren’t aware of the signs. As an employer, it’s your responsibility to provide them with the correct training and resources to become less vulnerable to infecting their workspace with malicious attacks.
“It takes a great deal of bravery to stand up our enemies, but a great deal more to stand up to your friends” – Albus Dumbledore
Dumbledore is on a roll with the wisdom. And he’s absolutely right. Once employees are trained and educated by their employer on recognizing and combating cyber-attacks, the responsibly then falls upon them to keep each other and themselves accountable for sticking to that information.
Everyone is responsible for the information they hold on their computer, especially that of clients. The base of security at your workplace is only as secure as the weakest link. Neville stood up to Harry, Ron, and Hermione when they were not following instructions and potentially putting themselves and everyone else in danger. As nervous and timid as he was doing it, he was the only one to stand in their way and remind them of the potential harm they face.
Check it out: How to Recognize Common Phishing Hacks
Be like Neville. When your co-worker is getting some odd-looking emails and suspicious links, remind them to be skeptical and not open a link from an email like that. It may not have worked out in Neville’s favor as the group got past him with a simple flick of a wand, but in the office, when someone is holding you accountable for making a choice, it’s a little more difficult to give into your curiosity.
“How would you find them? They could be hidden anywhere, couldn’t they?” – Harry Potter
Them…They. What Harry is talking about here, are the 7 Horcruxes needed to be found in order to destroy Lord Voldemort. Spoiler Alert*. The heroes do indeed find and destroy all objects in the end. But finding them is a lot harder than they thought. Why? Wouldn’t an object embedded with dark magic be easy to spot? Not quite. As Dumbledore tells Harry, these objects are very commonplace, which make it harder for anyone to find them.
The same rule applies to teaching employees to spot warning signs in scam emails. They blend in perfectly well and most people wouldn’t think twice to notice how out of place they really are. So, when taking the hour or so out of your day to sit down with the whole staff to discuss office cyber security, this is definitely an important note to cover with visual aids. Just as there are 7 Horcruxes that needs to be found, there are also 7 ways to identify a fake and dangerous email even before opening any type of link found within.
1. Strange address
2. Sense of urgency
3. Generic greeting
4. Spelling Mistakes
5. Unusual requests
6. Suspicious links
7. Suspicious attachments
And there you have it. Once you’re able to identify any of these 7 aspects of a scam email and have prepared with enough resources and knowledge on the matter, you can save your company from the danger of a cyber-attack.
SHARE BLOG POST