Professional Documents
Culture Documents
Steven Miner Old Dominion University IDT 830 - Principles and Practice of Human Performance Technology Dr. James Marken Fall 2011
What Would You Do if You Got a Suspect Email? Most people who use email daily know to not open emails or programs within emails from unknown senders as it may contain some sort of virus or malware. Not opening these items is a conservative measure but they know the consequences of allowing such an intrusion onto their computers can have a very negative impact on them. Likely theyve learned this information from cybersecurity training, experiential learning, or from a news report. But, do they know what to do with an email from a relatively trusted source that has suspect information or requests? The Background An experienced computer user at a large company got an email from a government organization hed been working with that contained a link for what appeared to be endorsed anti-virus software. Thinking it was odd for the government to endorse something he forwarded the email to his local office security manager. The security manager immediately recognized an incorrect action (you should never forward any suspect email to others) and immediately contacted the user to discuss what actions hed taken and to provide direction for immediate permanent removal of the email from his system. The security manager did not scold nor lecture the user but did thank her for recognizing it might have security implications (she chose to forward to him vice deleting it herself). Then the security manager began to put on his HPT lens. The Problem Although company employees know what to do with emails from unknown sources they do not know what to do when encountering suspect information from a trusted source. Additionally, they did not know where to find a solution to questions they may have regarding such issues. This Problem Needs a Solution The company has nearly 40,000 employees nationwide who all use a computer daily. In addition to corporate information, they also work with classified government information both of which are
Phishing is the term for garnering information from computer users through creation of fictitious websites and emails that use social engineering techniques to lure suspects into giving up passwords and other private information.
Mager, R. F., & Pipe, P. (1997). Analyzing Performance Problems. Atlanta: The Center for Effective Performance, Inc.