As a cybersecurity instructor, my primary focus is on equipping individuals and organizations with the knowledge and skills to navigate the evolving threat landscape. To this end, I emphasize the importance of proactive security measures, such as staying informed about the latest threats, practicing good email hygiene, utilizing strong passwords and enabling multi-factor authentication, and promptly reporting any suspicious activity. By fostering a culture of vigilance and equipping individuals with the necessary knowledge and tools, we can significantly reduce our vulnerability to cyberattacks and build a more secure digital future.

If you suspect a phishing incident at work, it's crucial to handle the situation discreetly and professionally. First, immediately report the issue to IT support, providing all relevant details without alarming colleagues. Work with IT to assess the severity of the incident and identify affected systems or users. Avoid discussing the incident openly, as this could cause unnecessary panic. Instead, collaborate with IT to implement preventive measures, such as blocking malicious links or resetting credentials. Once the situation is under control, educate staff on recognizing phishing attempts through regular training or reminders, ensuring preparedness for future threats.

Keeping the information contained helps ensure that the situation is handled effectively without causing unnecessary alarm. It's all about maintaining a calm and controlled approach while addressing the issue promptly and efficiently.

Confirme as evidências de que o incidente é, de fato, um ataque de phishing, como e-mails suspeitos, links maliciosos ou atividades incomuns. Informe imediatamente o suporte de TI sobre suas suspeitas, preferencialmente de forma privada, seja por e-mail, chat corporativo ou presencialmente. Forneça detalhes do incidente, incluindo cópias ou descrições das mensagens suspeitas, sem encaminhá-las diretamente para não espalhar o risco. Não comente sobre suas suspeitas com os colegas até que o suporte de TI valide a situação e determine os próximos passos. Use linguagem neutra ao falar com o time, como “Notei algo estranho em um e-mail e já contatei a TI para verificar.”

When dealing with a suspected phishing incident, I recommend the following steps: 1. Alert the team by informing security personnel to investigate. 2. Isolate the threat by disconnecting affected systems from the network. 3. Analyze the phishing attempt by looking for suspicious links or email addresses. 4. Always educate employees by sharing details of the attempt to prevent recurrence. 5. Report the incident and notify the authorities or cybersecurity bodies if needed. 6. Review security by updating protocols, strengthen filtering, and conduct phishing awareness training for the team.