The Company had a tech savvy, highly educated workforce.
The Company had ensured they had antivirus installed on all computers.
One user unknowingly downloaded a virus that took over his inbox and sent out copies of itself to all email contacts in his account.
Other users within the company opened the attachment because they trusted the sender thereby replicating the virus over and over.
The virus was emailed to the Company’s clients and suppliers, causing extreme embarrassment and much time and effort wasted sanitizing and eradicating the virus from the Company’s systems.
Ensuring all staff understands the risks due to untrusted emails and not relying only on technology to stop malicious software.
The Company started a cyber security testing and training program for all staff members. Every 6 weeks staff would get a relevant and timely phishing test email. Users who clicked the link would be required to take follow up training on how to recognize malicious emails and phishing messages.
After starting the program in early 2018 there hasn’t been another security incident of this nature and staff are all aware of internet and email safety.