A quick thought on this threat to our personal financial wellbeing, our companies’ wellbeing, and our collective wellbeing. The Wall Street Journal ran an article on the subject earlier in the week, and this bit jumped out at me [emphasis added].
To better understand how far we have to go in creating a cybersafe culture, consider this: if you were taking a tour through a nuclear plant, and there was a big red valve with a sign on it that said “Do not touch,” how many of you would turn it? None, I would guess. But in a phishing test conducted at a major financial-services firm, one of the test emails actually said: “This is a Phishing Test. Clicking the link below will cause harm to your computer.” At least one executive clicked it! When asked why, he said, “I was curious to see what it would do.”
That executive should have been fired, for cause, on the spot. It’s too bad the author of the article didn’t identify the company; if that executive still works there, that would be a financial services firm that shouldn’t get anyone’s business; the company will have demonstrated that it won’t take seriously its obligation protect its customers’ personal financial data—or the monies customers might actually place with it.