• Hossenfeffer
    English
    108 months ago

    Alternatively, over-report. Spelling mistake on an email from a colleague? Seems phishy to me. Email from a colleague with an attachment? Phishy! Unsolicited email from a client? Phishy! Email from ‘social committee’ sent to everyone in the team? Phishy!!!

    • @Blueteamsecguy@infosec.pub
      68 months ago

      Please don’t.

      I have to initiate those, or it looks bad for compliance. We sell software, we get SOC 2 attestations yearly. We start getting points marked off for very general security and compliance measures, customers will question our products and not renew or not purchase in the first place, because if we can’t even secure our own employees and promote awareness, what does that say about our product?

      Sincerely, the guy everyone hates and makes your work life harder.

    • Boozilla
      English
      38 months ago

      I have done some minor malicious compliance / prankster sabotage sort of like that in the past. I got called on the carpet. It was fun, though!