Chapter 4Lessons in Protection

“One of the major differences between school and real life is that school first teaches you a lesson then gives you a test; life gives you a test that teaches you a lesson.”

—Chris Hadnagy

Now that you have been thoroughly schooled by our resident shrink and phishing nerd (yes, I am talking about Michele), it is time to start applying all the knowledge you've acquired. I have talked to dozens of companies who spent hours and hours scouring the Internet for ­suggestions on how to educate their staffs and themselves in the art of protection. On the basis of those conversations and their frustrations, I have compiled this chapter.

What I want to do with this chapter is to break down some of the ­lessons that we have learned in working with some of the world's ­largest organizations and help you learn how to apply them. One of the things I have found is that there is a major difference between “civilian” ­protection tips and “pro” protection tips.

By civilian I mean the average, everyday person. The person who's at home without a full IT staff to call on. The one who doesn't have a resident computer nerd in the next cube who can tell you what to do as he sighs loudly at your inherent lack of technical prowess. Even a ­small- to medium-sized (or in some cases large) business that does not have a full-time security guru at its fingertips could fall in this category. If one of these descriptions sounds like you, pay attention to the civilian tips. The ...

Get Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.