In the modern business world, many people communicate via text, or by using any of a variety of different chat apps. It's often more convenient than a phone call, and usually quicker (if inevitably sloppier) than sending an e-mail. It's likely to be a long time, however, before e-mail entirely disappears as a means of communication and sharing information. And as long as e-mail continues to exist, if not precisely flourish, it will remain a potentially dangerous point of entry to your workstation and, more problematically, your employer's network.
Several of us here at the home office of TestOut Continuing Education were reminded of this unavoidable condition earlier in the week when an e-mail announcing itself as being from "IT@[CompanyDomain].com" popped through to inboxes across the company. The e-mail alerted recipients to a suspected security breach and instructed everyone to immediately change their passwords by clicking an embedded "Change Password" link. It was clearly a phony, a not-too-bright phishing attempt that shouldn't have fooled anyone.
The next day, the actual IT support staff followed up with an e-mail explaining that the previous day's phishing attack had been a simulation aimed at luring unwary staff. The purpose of this drill was to evaluate employee cybersecurity awareness, and also to introduce staff to a training course that would promote better security habits. Rather amusingly, this follow-up e-mail directed recipients to begin the training by ... clicking an embedded link. A coworker good-naturedly harassed the support staff for taking this somewhat counterintuitive approach.
Perhaps the most interesting element of the entire experience was a number: 21 percent. That's the percentage of people who received the initial simulated phishing e-mail and then went ahead and clicked on the embedded link to change their passwords. Yes, at an IT education company that includes security certification training among its products, a shade more than one-fifth of all employees didn't look at the e-mail closely enough to recognize it for what it rather obviously was. Oops.
Mobile technology and the increasing availability (and variety) of messaging apps may be gradually changing the way that we communicate — but it's still largely an e-mail world, folks. Always be wary. And if anything about this interlude has spurred your interest in cybersecurity as a career option, then remember that (as noted in passing above) we do have some training for that. Our world is becoming more computerized every day, and there's no shortage of employment opportunities for skilled information security professionals.