On Building Allies for Information Security
The other day, I was approached by a coworker I didn’t know very well yet with a simple question: “What antivirus do you use?” You probably sense it too: there has to be more to this question!
I asked if there were specific concerns they had regarding AV.
They let me know that they clicked something suspicious. We were making progress! They were worried they did something wrong, so they ran 3 separate AV scans. They noted their regular apps started automatically after rebooting. Coupled with the fear of that suspicious something, this was enough to worry the coworker, so they reached out.
I asked if they were prompted to enter a password somewhere, or what kind of malicious item they clicked.
Turns out it was a Word document received from a trusted contact. They opened the file and enabled macros. They immediately recognized something was wrong and closed everything. But now every little quirk haunted them. We were gaining a much clearer picture! I further learned they called the IT help desk, who indicated everything was probably OK.
At this point, I thanked them for reaching out and explained that I couldn’t be sure about what exactly happened without more analysis, that they did the right thing contacting me, and that I was going to get the team responsible for this work involved to fix this. The real lesson for me, though, was in the handoff. I sold this employee as a success story because I really think they are!
My handoff email read something like this:
- Our coworker here was messaged by a likely-compromised, trusted contact who sent an unsolicited, macro-enabled document.
- Because the sender was trusted, our coworker opened the file and enabled macros.
- Realizing this could be a trick, they exited the document and ran AV scans.
- Still feeling uneasy, they contacted the help desk, who assured them there was no problem.
- Yet still recognizing the unknowns, our coworker contacted my team and we worked through the issue up to this point.
After this, the coworker reached out and thanked me for listening and let me know they felt better already. I feel this turned into a learning experience for both of us. They are now better suited to act as a security sensor in whatever organization they work in, and I learned a number of things I could share with other groups to improve processes and procedures.
I believe similar opportunities could exist in many other organizations. It occurs to me how easy it would have been to miss this opportunity.
- What would have happened if I didn’t ask questions?
- What if I diminished the importance of this employee's concern, for any reason?
- What if I lectured this individual for not following what they were taught in security awareness training?
- What if I had been accusatory or had not acted as their advocate?
I love the opportunities in information security to work with others and try to build them up in a tricky world which, along with all the other work security is a part of, leads little by little to a more secure organization.