I.T. 101 (midwest.social)
[-] hypnicjerk@lemmy.world 103 points 1 year ago* (last edited 1 year ago)

if an end user can serve as an entry point to the entire domain for ransomware, the end user hasn't failed, IT has.

[-] Sheeple@lemmy.world 71 points 1 year ago

Upper management: "GIVE ADMIN PRIVILEGES TO ALL ACCOUNTS TO STREAMLINE THINGS. I DON'T CARE IF IT'S INSECURE DO IT!"

[-] bleistift2@feddit.de 30 points 1 year ago* (last edited 1 year ago)
[-] Sheeple@lemmy.world 9 points 1 year ago* (last edited 1 year ago)

[Fired for noncompliance]

Sad truth of IT. Being ordered around by tech-illiterate bosses who refuse to listen. And they often don't even seem to value their employees, thinking they're easily replaced (they aren't).

[-] DoucheBagMcSwag@lemmy.dbzer0.com 21 points 1 year ago* (last edited 1 year ago)

But sire, our employees will be in potential violation of SOC 2 compliance should we be audit— “JUST DO IT!”

[-] jjagaimo@lemmy.ca 63 points 1 year ago

Today I got an email from management, something along the lines of "you didn't click the link in this email we sent as a required questionnaire about phishing, some people reported it as phishing: a reminder, all emails from IT@company.com are not phishing"

There was no previous email

I checked the message details and it said "THIS IS A PHISHING TEST BY external company"

It was a phishing test disguised as an urgent reminder to answer a phishing questionnaire, replying to a nonexistent email. I can't wait until Monday when they round up everyone who clicked the link

[-] hardware26@discuss.tchncs.de 19 points 1 year ago

This is a good one. We get standard phishing tests which make no sense. It is usually a person I don't know, from a company I haven't heard of asking me to edit/review a file they share. People who design these tests should know that people do NOT jump into the opportunity of editing/reviewing files or receiving tasks. I imagine real phishing attacks must be smarter than this.

[-] newIdentity@sh.itjust.works 5 points 1 year ago

Not necessarily. They only need one person to run the file.

[-] chiliedogg@lemmy.world 4 points 1 year ago

I work for a small-ish but fast-growing municipality, and we're getting increasingly well-targeted actual attacks. Instead of posing as "The IT department" they're posing as my boss or the City Manager by name.

This week they even started name-dropping the conference most of the directors were actually attending as an excuse why we wouldn't be able to reach out and talk to them before the "request" was due.

[-] dditty@lemm.ee 12 points 1 year ago

Wow damn that'd trick whole swaths of our org 🤦. Sad how many people we still get with the super obvious "Free $5 on Venmo" phishing tests...

[-] newIdentity@sh.itjust.works 9 points 1 year ago

That's actually pretty smart.

[-] miss_brainfart@lemmy.ml 5 points 1 year ago

They did something similar at our university, I wonder how many fell for it. They never told us

[-] uriel238@lemmy.blahaj.zone 25 points 1 year ago

Usually a company needs a ransomware attack or some other digital tragedy before they learn the importance of security.

Sometimes they need a few incidents, and need to be reminded when upper management deprioritizes IT security.

[-] wabafee@lemm.ee 22 points 1 year ago* (last edited 1 year ago)

Nothing like running ransomware on a government computer, causing a huge leak on a government-run health database and exposing everyone to a potential security risk.

Case in point: https://gulfnews.com/world/asia/philippines/philippines-hackers-reveal-hospital-bills-health-data-after-failed-ransomware-demand-1.1696339629351

[-] Dekthro@lemm.ee 14 points 1 year ago

And this is why I decided to not do IT.

[-] newIdentity@sh.itjust.works 16 points 1 year ago

She probably doesn't do IT and that's the problem.

[-] gmtom@lemmy.world 3 points 1 year ago

I don't mind, that's not the support department's job, probably more like Info sec or dev ops or something.

[-] Robert7301201@slrpnk.net 3 points 1 year ago

laughs in small company

Mr.Robot.jpg

this post was submitted on 05 Oct 2023
484 points (100.0% liked)
