• Hossenfeffer@feddit.uk
    link
    fedilink
    English
    arrow-up
    15
    ·
    6 months ago

    Alternatively, over-report. Spelling mistake on an email from a colleague? Seems phishy to me. Email from a colleague with an attachment? Phishy! Unsolicited email from a client? Phishy! Email from ‘social committee’ sent to everyone in the team? Phishy!!!

    • Blueteamsecguy@infosec.pub
      link
      fedilink
      arrow-up
      6
      ·
      6 months ago

      Please don’t.

      I have to initiate those, or it looks bad for compliance. We sell software, we get SOC 2 attestations yearly. We start getting points marked off for very general security and compliance measures customers will question our products and not renew or not purchase in the first place, because if we can’t even secure our own employees and promote awareness, what does that say about our product?

      Sincerely, the guy everyone hates and makes your work life harder.

    • Boozilla@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      6 months ago

      I have done some minor malicious compliance / prankster sabotage sort-of like that in the past. I got called on the carpet. It was fun, though!