Do you remember the Stop, Drop, and Roll drills at school? Well, I do, and I am confident in my ability to mitigate that threat. A firefighter would address the class and have us practice and watch a little simulation, driving the point home. But, overall, the catchphrase of Stop, Drop, and Roll is really what stuck with me over the years, and I am happy to report that to date I have yet to be in the position where I needed to enact this training. We can learn from the success of this Stop, Drop, and Roll method, applying a similar paradigm to one of the most significant threats the Credit Union faces today: email phishing. While we are far more likely to encounter this threat in our daily routines, how do we drive crucial mitigation steps home for our associates?
Introducing the Stop, Snap and Share plan for Suspicious Emails at the Credit Union:
- Stop what you are doing – do not proceed any further with that download, do not click that link and do not reply to the email in question. Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip or other compressed or executable file types. Do not provide sensitive personal information (like usernames and passwords) over email. Do not try to open any shared document that you’re not expecting to receive.
- Take a Snapshot of the suspicious activity. Documenting this will give the security team valuable information to track and validate the threat. Watch for email senders that use suspicious or misleading domain names. Inspect URLs carefully to make sure they’re legitimate and not imposter sites.
- Share the threat with the security team through their designated channels. Don’t keep this a secret: email your Service Desk and let your direct manager know about the threat right away.
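The "Snap" step asks associates to inspect links for misleading domains by eye. The script below is an added example, not part of the original article or any Credit Union tooling, showing what that inspection looks like when written down: it flags links whose visible text points at one domain while the actual target is another, links that bury a trusted domain inside a decoy subdomain, one-character lookalikes, and plain-http targets. The trusted-domain list and the sample links are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Constructed for this example: domains the (hypothetical) credit union owns.
TRUSTED_DOMAINS = {"examplecu.org", "examplecu.com"}

# Constructed sample links from a hypothetical suspicious email, as
# (display text, actual href) pairs. None of these hosts are real.
SAMPLE_LINKS = [
    ("https://www.examplecu.org/login",
     "https://www.examplecu.org/login"),
    ("https://www.examplecu.org/login",
     "https://examplecu.org.account-verify.example/login"),
    ("Verify your account", "http://examp1ecu.org/verify"),
    ("Secure Message", "https://examplecu-secure.example/msg"),
]


def registrable_domain(host):
    """Last two labels of a hostname ('www.examplecu.org' -> 'examplecu.org').
    Adequate for .com/.org; production code should consult a public-suffix
    list so hosts like 'example.co.uk' are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def inspect_link(display_text, href):
    """Return the reasons a link looks misleading; an empty list means none found."""
    reasons = []
    parsed = urlparse(href)
    host = (parsed.hostname or "").lower()
    if not host:
        return ["href has no hostname"]
    reg = registrable_domain(host)
    if parsed.scheme != "https":
        reasons.append("link is not https")
    if reg in TRUSTED_DOMAINS:
        return reasons  # genuinely points at a trusted domain

    # 1. The visible text is itself a URL whose domain differs from the target.
    if re.match(r"https?://", display_text.strip(), re.I):
        shown = registrable_domain(urlparse(display_text.strip()).hostname or "")
        if shown != reg:
            reasons.append(f"text shows {shown} but link goes to {reg}")

    # 2. A trusted domain appears inside the host only as a decoy subdomain.
    for trusted in TRUSTED_DOMAINS:
        if trusted in host:
            reasons.append(f"{trusted} used as a subdomain of {reg}")
            break

    # 3. The registrable domain's first label resembles a trusted brand name.
    label = reg.split(".")[0]
    for brand in {t.split(".")[0] for t in TRUSTED_DOMAINS}:
        if label != brand and (brand in label or edit_distance(label, brand) <= 1):
            reasons.append(f"{reg} resembles trusted brand {brand}")
            break
    return reasons


def triage_email_links(links=SAMPLE_LINKS):
    """Map each suspicious href to its reasons; clean links are omitted."""
    findings = {}
    for text, href in links:
        reasons = inspect_link(text, href)
        if reasons:
            findings[href] = reasons
    return findings


if __name__ == "__main__":
    for href, reasons in triage_email_links().items():
        print(href)
        for reason in reasons:
            print("  -", reason)
```

Running it prints three of the four sample links with their reasons; the first link, which really does go to the trusted domain, is not reported. The same checks are a reasonable starting point for a mail-gateway rule or for a Service Desk triage script that reads the snapshot an associate submits.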
"If you can’t tell if an email is legitimate or not, please check with your supervisor immediately. Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source."
Security leaders, legal departments, and compliance officers should ensure they share the good, the bad, and the ugly with users. Anonymize the stories if you must, but summarize the incidents and the responses on a regular basis. CISOs must strive to keep the incident feedback and supporting processes and policies simple. By focusing on a few simple key behaviors, such as stop, snap, and share, the message will be well received. Turning a status report or policies into a dissertation on the mechanics or legal issues around phishing will ensure that the message is lost on many associates. Simple, regular sharing helps people get excited about the issues and feel like they're part of something important.