I don’t have an article to reference for this weeks blog post because I want to talk about something that happened at work this week. It turned out to be I’m not even, but the level of awareness (or lack of) has me concerned. Here’s what happened:

I start work later than most of my department, so by the time I come in everyone is usually busy and getting things done. When I got in the other day, everyone was milling about and talking so I knew something was up. They told me the phones were down so we couldn’t do anything. Shortly after that the network went down as well. My first thought was, “could this be the result of some kind of an attack?” When I asked this question of my co-workers, I received a range of looks from confusion to disbelief. I don’t work in the technology department, so I understand that an attack might not be the first thought people have. But, what I found surprising is the fact that they wouldn’t even consider it as a possibility. Some people thought no one would be interested in attacking us, others not an attack wouldn’t affect our internal network. I pointed out that neither of those things were necessarily true, but no one was interested in discussing it. 

Like I said earlier, this turned out to be a non-event, but I’m disturbed by the fact that no one even considered the idea that we could have been attacked. I think it comes down to a training issue. Even though we aren’t a tech department, I think we would benefit from a training program that would address threats  and the fact that the company could be a target. I don’t mean to sound like I’m judging my coworkers – I’m not – but I think there needs to be a higher level of security awareness. It comes down to if employees think a company wouldn’t be a likely target attack, how can you expect them to follow the security rules in place?