Joe worked hard every day fighting the good fight against viruses and malware for a large financial firm in the UK. Their security setup suffered flaws, but it worked well enough. Scanners on incoming email, an antivirus product on the mail servers, signature updates every 30 minutes, and a basic antivirus on desktops all worked at Joe’s command to protect their network. There was no default route back out to the Internet and a Machiavellian filter restricted web access. Despite all this, Joe had to contend with one vulnerability not even the most advanced security system in the world could defend.
Spam changed faster than their filter-rules, and sometimes bad things slipped through. Joe’s team hoped to lessen the risk of this by educating their users to NEVER, EVER, EVER OPEN SOMETHING THAT LOOKS SUSPICIOUS. As predictable as an Enterprise Red Shirt dying on an Away Team mission, users would always go ahead and crack open malicious EXE files from their “long-lost cousin Frank” and completely fry their computer in minutes.
One day, the Red Shirt in question was Jane, a high-level director. She opened an email containing a nasty worm. Joe was dispatched to her lavish corner office to examine the damage. He found Jane sitting at her big, plush, squishy, and extremely expensive director’s chair. She smacked the keyboard like a rhesus monkey trying to crack open a coconut. Jane slid out of the way to let Joe work but he didn’t need much time to determine her machine was toast. From the comfort of Jane’s awesome chair, he called up desktop support and got them give her a loaner while they re-imaged her machine.
Before he left, he gave Jane a little “re-education” about how to not open email viruses and to immediately delete anything that suspicious. Jane assured him she understood.
Joe headed back to his Batcave. He wanted see if the worm might spread or pose a leak risk. It didn’t take much research to confirm that it couldn’t propagate on its own, and it couldn’t send traffic out of their network. Just then he got the phone call from his boss, claiming that hundreds of the wretched emails had gone out and at least 50 user’s desktops were fried, probably more. Puzzled, Joe pulled up the logs on the email server.
Patient Zero, AKA Jane, had put her new machine to use by forwarding the entire company a “HACKER VIRUS!” email. “WARNING!,” she wrote, “DON’T OPEN THIS ATTACHMENT. IT IS A VIRUS!!!1!” Users unsurprisingly opened the attachment anyway. Joe and his security buddies now had a several days-long battle on their hands to eradicate the scourge from their network and keep it from sending any data out.
Months later, after the dust had settled, Jane was the odd woman out in a management restructuring. Joe was not-so-secretly glad to see her go. Jane had no replacement, so after an appropriate amount mourning period, about 13.2 minutes, Joe went in and commandeered her squishy chair. From then on, he cited a bad back for the reason he needed to keep such a lavish chair in his small cubicle. It was a constant, comfortable reminder that it takes a lot of effort and careful wording to cater to those with the lowest common sense, who sometimes are also the highest in the management chain.