MasterCard workers go "phishing" for malware

Security training at MasterCard helps keep up morale by giving everyone a reason to keep an eye out for malicious acts.
Security training at MasterCard helps keep up morale by giving everyone a reason to keep an eye out for malicious acts.

MasterCard CSO Ron Green touted his company's latest effort to fight malware as not only being successful, but saying it also helps keep up employee morale by giving everyone a reason to keep an eye out for malicious acts.

With the ever increasing amounts of ransomware and general spam pouring into all companies, Green told SCMagazine.com in an exclusive interview at Black Hat that MasterCard wanted to come up with a way to not only spot the malware, but make everyone feel as if they are playing an important role in keeping the company safe.

The answer, he said, was to hold quarterly phishing tourneys where each employee who spotted a malicious email would get credit. More points are gained for digging out a piece of malware and fewer for finding general spam.

Prizes range from goofy gifts to a monetary payout for those who find the most malware.

“We wanted to give everyone the message that we are all in this together,” Green said.

In addition to using positive reinforcement, MasterCard has also implemented another technique designed to give workers a taste of what would happen if they clicked on a malicious link.

Like many other firms, MasterCard sends out fake phishing emails to see how their staffers react. Those that mistakenly open and take action on the supposedly malicious email have their PCs lock up and give a very real impression of a computer that is being hacked. The scare lasts for eight seconds before the worker is told that it was just a test, Green said.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS