July 17, 2021

Last Updated on January 18, 2024

When you go online, do you mistakenly trust in a level of security and protection that just doesn’t exist? Like, when you receive an email, do you instinctively believe the sender is who they say they are? Or when you look at social media content, do you assume everyone’s identity is legit? When you see a Facebook ad for a $79 iPad, do you even entertain the possibility that the sale is real?

To help dispel these misconceptions and offer insight and actionable guidance for improving security, a recent episode of The Virtual CISO Podcast features Dr. Eric Cole, well-known author and Founder/CEO of Secure Anchor Consulting. Hosting the show is John Verry, Pivot Point Security CISO and Managing Partner.

Most attacks are simple, but effective

Eric shares this example: “Back in February, I did an experiment where I gave 50 random people from 50 different companies a free, 30-minute online security awareness training session that I normally charge a lot of money for. We spent 30 minutes going through the dangers online, what you have to be careful of, and that you can’t trust anything.

“Then at the very end, I spent five minutes talking about COVID phishing threats. I said, ‘If you get an email that says either a student in your child’s class, or a co-worker, tested positive for COVID and ‘Click here to see if you came in contact and need to quarantine,’ don’t click on it. Don’t go there. It’s not valid. It’s not legitimate.’

“Two hours later, I sent all 50 people that same, exact email. 43 of the 50 people clicked on it. 43. That’s the online danger,” counsels Eric.

If you’re online, you’re a target

Hackers understand psychology and play on human weaknesses. They know that if they can make us emotional, time-pressured and reactive, we’ll make mistakes they can take advantage of.

“It’s really this concept that when you’re online, you’re being targeted,” Eric cautions. “There are dangers all around you. Most people just aren’t properly trained on those dangers.”

What’s Next?

If you’re looking to make your cyber world—and that of your business—a more secure place, this insightful podcast episode with Dr. Eric Cole will be an awesome support.

To hear this episode all the way through, subscribe to The Virtual CISO Podcast on Apple Podcasts, Spotify, or our website.

Don't Get Hooked!

Phishing emails are tricky. Based on our Cyber Security Awareness Training material, the 10 Tips for Detecting Phishing Emails infographic provides a cheat sheet of what to look for in unfamiliar emails.