The Battleground:

A local county's emergency services IT infrastructure and related computer and communication systems. 

The Presumption:

Employees and leadership typically think that phishing will never happen to them. It is often assumed that employees known how to handle phishing attempts when they are encountered. Handling these situations is understood by everyone, right?

The Discovery:

An employee had received a phishing email and clicked a link inside of the email. The employee didn't realize that this link would download ransomware onto their computer and quickly spread throughout the network. Unfortunately, the employee did not notify anyone right away about the email and by the time something could be done about the situation, it was too late. The entire network had to be brought down which put the emergency services on hold for the entire county. This means that emergency services such as police, fire, health, and other county services could not operate to their full extent.

Our Solution:

To avoid this, it's vital to properly train all staff on how to detect and respond to phishing attempts. Security awareness training should be taught on a regular schedule to keep staff notified of security risks and how to mitigate them. InfusionPoints has helped numerous organizations develop and implement security awareness training programs.

Lessons Learned:

You can never be too careful. Phishing attempts are constantly evolving and everyone must be prepared to detect and avoid them. Phishing emails are the most successful way for malicious users to get into networks and your staff is the first line of defense. Act now to prevent catastrophic damage to your network and operations.