Did you know 1 in 131 emails contains malware? That's 0.76 percent of all emails. It may not seem like a huge percentage to you—in fact, with odds like that, you can probably trust to luck you won't get a malicious email in your inbox. You've always had pretty good luck anyway, so why waste the time factoring in email to your already complicated cybersecurity strategy, right?
That all sounds logical—until you think about how many emails you receive in a month. More than 131? Thought so. Forget luck: This is a battle of wits, knowledge, and preparation. If you think you have what it takes to stay secure, try testing your luck on these real IT breach situations:
Scenario 1: The locked account
You're slammed with work when an email arrives, letting you know your user account for your company's training app got compromised. It reads, "Click to reset your password." Sigh. Should you:
- Reset your password.
- Forget training, you know enough already. Delete.
- Wait for a follow-up email and keep plowing through work.
- Forward it to your boss to verify it's legit.
Scenario 2: The compromised printer
It's cybersecurity strategy huddle time, and you're running late. You're going to be held up even further because you need to print out a sensitive doc your coworker just emailed you. You know it's not the best policy to print it to that old, dusty printer in the corner, but it's the closest one to your desk, you're going to be late, and you probably won't get in trouble.
- Print it.
- Print it and sprint to the printer to avoid it being stolen.
- Try to avoid using a printer with an admin password of "admin."
- Email your boss that you're running late and figure out a more secure solution.
Scenario 3: The unexpected raise
Oh snap, you may be lucky after all. You've gotten an email from the payroll department commending you for excellent work by granting an 11.14 percent raise. It reads, "Salary raise documents are attached." Should you:
- Open the documents.
- Figure it will show up on your next paycheck regardless.
- Go buy that drone off Amazon you really want.
- Call payroll to verify.
Scenario 4: The command from above
You're about to log out for the weekend when you get an email from your boss with a subject line reading "urgent."
Hey, need you to send me your account name and password for the company system. I'm locked out and in a meeting with our penetration testing vendor, need it ASAP.
- Send the info and go party.
- Delegate it and go party.
- Close your laptop and worry about it on Monday.
- Call your boss to verify the request.
Scenario 5: A friend in need
Your college roommate and ride-or-die shenanigans partner emails. They're in a pinch, apparently. Unsurprisingly, they got mugged after a wild night of drinking and need you to send a little bit of money their way. They've helped you out before, right? Do you:
- Send the money.
- Ignore your friend.
- Respond and ask for more details.
- Send a Facebook message or text to verify the situation.
Scenario 6: Not the tax man!
Oh no—you see an email from the IRS. Not the IRS. Anyone but the IRS. Your tax return is missing some information and you're due to receive a refund this year, according to the email. How do you proceed?
- Click the link to complete your missing tax return info.
- Laugh because you haven't done your taxes yet.
- Wait until the IRS comes knocking to act.
- Log into your tax software and check your tax return status.
Scenario 7: IT breach notification
You open your work email and see a message from your bank. It reads: "Hello, your account's been suspended due to a data breach. Please click to reset your password." What now?
- Click the link and reset your password.
- Delete the email.
- Ask an IT security coworker to verify legitimacy.
Scenario 8: The summons
You've been summoned to appear in front of a grand jury. Well, the email certainly appears serious: It was sent by subpoena[at]usdoj[dot]com, the email has a Department of Justice logo, a case number, a time, an address, and a link that reads, "Click to learn more." What do you do?
- Click to learn more.
- Tell your manager you have a cold and go home to cry.
- Google identity brokers and go into hiding.
- Google the listed courthouse and call to verify.
Scenario 9: The HR email
There's an audible whining noise from your coworker's cubicle. The reason is soon apparent: The entire IT department received emails from HR asking to complete the same insurance forms everyone already completed last week. Should you:
- Complete the insurance forms.
- Ignore the email.
- Create a meme about evil HR overlords and their mass amounts of paperwork.
- Dial HR's extension to verify the request.
Scenario 10: The Facebook album
You get a text message from that one aunt who shows way too many pictures at family holiday gatherings. It reads: "Hey! Check out Sam and Aubrey's new spring photos on Facebook! fb.me/example." Should you:
- Click the link.
- Ignore the link.
- Block your aunt on Facebook.
- Message her to see if she meant to send you photos.
Did your cybersecurity strategy hold up?
- Mostly As: You made some hackers pretty "lucky."
- Mostly Bs: You're mostly safe from hackers, but you should probably be better about responding to legit emails, too.
- Mostly Cs: You're all right—perhaps not secure but certainly awesome.
- Mostly Ds: Your cybersecurity strategy is solid.
Believe it or not, every one of these quiz questions was inspired by real-life phishy behavior—actual examples of phishing, spearphishing, smishing, and business email compromise attempts in the wild. Clearly, hackers are getting trickier than ever, and it's time to secure every entry point to your network, including often-overlooked vulnerabilities, like your legacy business printers, and get savvy to social engineering threats. In other words, don't leave your cybersecurity strategy up to luck—start implementing better security today to protect your IT environment tomorrow.