Assignment task:
You are the IT director at a medium-sized marketing consultancy company. The consultants are often away visiting clients, so email is an especially important communication tool. Malicious emails have always been a problem, but, recently, the problem has gotten considerably worse. The biggest worry for you, as the IT director, is emails arriving in employee inboxes pretending to be from other company departments, such as HR and executive management. These emails frequently attempt to trick employees into sharing sensitive login information that can be used to steal clients' data.
After consultation with the executive team, you have decided on changes that need to be made. Employees must now register for 2-step authentication to access emails. All emails from non-company sources will automatically be labeled with the word "External" in the subject line. Employees must now change their passwords every six months or lose access.
Some employees will not be bothered by this. Some employees will be annoyed by the new changes, so be sure to emphasize the benefits of the new system. Also, no security system is perfect, so you'll need to give information on how to recognize phishing attempts. Employees who suspect a phishing attempt should forward the offending emails to the IT Department.
Short report-style memo detailing the information and what employees should do. Include the following:
- A summary of the memo at the beginning.
- A brief description of the problem.
- A list of the new email policies and benefits.
- Information on how to recognize phishing attempts.