<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>An employer is constantly phishing staff, in hopes of sensitizing
people so that real attacks won't get through. Alas, all they do
is make us paranoid.</p>
<p>Humans are particularly bad at <i>reliably</i> detecting
attacks, so occasional attacks get through, after which we get
even more paranoid, and wonder if our jobs are on the line...</p>
<p>Every single phishing attack I've seem, real or self-inflicted,
laughable or brilliant, got detected by spamcop.net. Does the
company use a spam filer? Sure, but it's the Microsoft one, which
is useless. Any time I see something I don't recognize at work, I
paste it into spamcop.<br>
</p>
<p>So:</p>
<ol>
<li><i>Do</i> use technological means to deal with ransomware
attacks</li>
<li>Make sure it's a <i>credible</i> means</li>
</ol>
<p>By this I mean a backup service like one Lexis Nexis had: they
connected via a VPN, they were only connected when backing up, the
connection was a disk mount, and they offered <i>financial
guarantees. </i></p>
<p>That last reassured my VP: she said "they don't want to be sued
out of business, and know a legal publisher like us will be
litigious if they mess up". The only thing I didn't like was how
slow it was do do a restore (;-))<br>
</p>
<p>--dave<br>
</p>
<div class="moz-cite-prefix">On 11/8/23 13:23, Alvin Starr via talk
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:baff55fd-926d-4fc1-952f-b11d506fa0e4@netvel.net">On
2023-11-08 11:35, Karen Lewellen via talk wrote:
<br>
<blockquote type="cite">speaking personally?
<br>
It probably was.
<br>
My reasoning comes from a rather disturbing exchange I had with
an employee about the sites lack of inclusive design.
<br>
The sense I got is that those in charge took a lets build
things with lots of third party input based on what is the
latest trend.
<br>
instead of building a solid secure, progressive enhancement
based floor.
<br>
Articles I saw on the cp24 site hinted that likely some staffer
downloaded a file or opened an attachment.
<br>
if you trust your computer foundations to third parties, again
speaking personally, then you cannot swiftly put things back
together.
<br>
Just my 2 cents,
<br>
Kare
<br>
<br>
</blockquote>
In the libraries defense.
<br>
Lots of bigger and supposedly more secure organizations have been
hit by ransomware attacks.
<br>
<br>
Phishing is getting more and more sophisticated and all it takes
is a momentary lapse.
<br>
<br>
<blockquote type="cite">
<br>
<br>
On Wed, 8 Nov 2023, Warren McPherson via talk wrote:
<br>
<br>
<blockquote type="cite">What is going on with the library
website?
<br>
There was a CBC article that said there was a ransomware
attack, but it's
<br>
been down for a week and it's hard to imagine why it would
take so long to
<br>
recover unless their infrastructure was much weaker than I
would expect.
<br>
<br>
</blockquote>
---
<br>
Post to this mailing list <a class="moz-txt-link-abbreviated" href="mailto:talk@gtalug.org">talk@gtalug.org</a>
<br>
Unsubscribe from this mailing list
<a class="moz-txt-link-freetext" href="https://gtalug.org/mailman/listinfo/talk">https://gtalug.org/mailman/listinfo/talk</a>
<br>
</blockquote>
<br>
</blockquote>
</body>
</html>