Nicholas Banting, Marketing Manager
In the moments after you realize your email has been compromised, you are overcome with a sense of fear, embarrassment, and denial. What have I done? What does this mean for all of my clients’ files? Who should I tell? What can thieves actually do with the data? I must have made a mistake; I don't think that was a sketchy email?
The truth is that email phishing scams are still very common. COVID-19 has forced people to increase their email usage and thus phishing scams have seen a visible uptick. In a world where people still use the same passwords for all their accounts, integration means that once you have their enterprise credentials there are many places that you can go. High profile email phishing stories, such as Shark Tank’s Barbara Corcoran, show us that it can happen to anyone and that honest mistakes are increasingly commonplace.
If your email has been compromised, the first thing that you should do is change the password to that account. Next, you must tell those people who could be immediately affected. These people could include your security team, your business partners, and, in some cases, your clients. Telling people may come with a stigma of failure and embarrassment, however, it shouldn’t. We are all in a rush, we are all too busy, and we are all trying to get that one last thing done before we leave. It is in these moments that we are increasingly susceptible to lapses in judgement.
Depending on your role within a company, there are also fears about what it means for your job. If you are the CEO, will it mean people trust you less? If you are a summer intern, does this mean today will be your last day on the job? The truth is that cybersecurity is much bigger than these fears. It is not about what’s best for ourselves; it’s about what is best for all of us. In all honesty, there will be some people that will be frustrated with you just because it created a bunch of work for them. Some people may react angrily because they are afraid of the consequences. However, all of these feelings will pass and the fact that you did the right thing in spite of fear will be the sustaining belief.
Time is essential in these scenarios. When you click a link in your email and enter your username and password accidentally into a malicious site, you must react instantly. If you immediately change your username and password, the thieves will only have a few seconds to either download or send out emails from your address. If you leave it for hours, your are open to irreparable damage.
If you take away only one thing from this story, please remember that it is to act swiftly without fear of embarrassment. Cybersecurity is a daunting subject until you dive in and start acting proactively every day. Read articles, attend training, and ask questions of your team - but whatever you do, don't bury your head in the sand and think that it won't happen to you.
For more great tips please read this helpful article by BenefitsPro.