|Discussion
Here we go again... tips and tricks for employee email hacks?
Has anyone had an issue with an employee's email account being hacked and then sending auto-replies to emails and thus into your digital workplace as comments? Just curious if you've experienced it and how you've handled that!
Viewed 285 times
9 Replies
Holy hotdogs! Mindy, I am terribly sorry to hear that happened. I can say I haven't heard of this happening. Was it a single email or a lot of spam content coming in? I think answers may depend on the level of the attack.
Judy Headrick, Steven Spadt, Brad Rooke - as super security stars, would you have any advice for Mindy? Maybe a multi-pronged attack of an enablement campaign to refresh the people side, and a review of global settings inside and outside the igloo?
Tom Ryan – This has happened to us twice where a person's email has been hacked and then an auto-reply goes out to emails saying some urgent task needs to be performed. This gets into our DWP in the form of comments on blogs. It is usually only about ten comments before our IT team shuts the account down. After this happens I have to go into the DWP and search and delete the spam auto-replies.
Mindy Montgomery, Tom Ryan - One thing our cybersecurity team has put quite a bit of effort into is training our users to spot and report suspicious emails. That has been key to preventing accounts from being hacked in the first place. We use a service where employees can report suspicious emails, and it even sends out test emails to see if employees will click links or report the email. If you report the email, you're notified with a "Congratulations! This was a test and you passed." I don't know yet what happens if you click a link. I'm paranoid enough that that hasn't happened to me yet.
Judy Headrick - Oh hokey pokes this is a great interactive way to do security testing and training!
We used to do this back at a company I worked for, except it was branded thumb drives left outside of the office. I always wanted to know what would happen if you plugged one in but really enjoyed that chocolate bar you got for turning it in.
Judy Headrick - Yeah, we do this, too. Unfortunately that still doesn't stop this from happening...
Mindy Montgomery That is unfortunate. The only other thing I can think of is review which channels really NEED to have the reply by email turned on. I prefer to leave it off for most channels as reply by email becomes VERY messy when users reply with history.
Judy Headrick Great tip, thanks!
I agree with Judy Headrick -- anti-phishing starts with staff awareness/training. We created a Cybersecurity Tips & Tricks series, in fact, and send these out as IT Updates (blog posts) every few weeks. After you've had time to raise awareness and skill in preventing phishing attacks, the simulation tests are a great tool to (a) test your staff's overall skill level (how well did the training work) and (b) identify those few staff left who need remediation.
Steven Spadt, Judy Headrick - you folks have hit it right out of the park. Education is the first thing: simply letting your employees know WHAT to look for and be suspicious of. Reinforcing that training with measured testing and a feedback loop comes next. The last company I worked for had a 'Report to IT' link built right into Outlook, so we were able to action things right away and validate prompt responses. Looking inwards to Igloo, providing a space both for cybersecurity awareness and for reporting suspicious behaviour and events is a great idea. Lastly, I agree with Judy that you can limit the damage by considering which channels absolutely need email posting and which ones can do without.
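The mechanism the thread describes (a compromised mailbox auto-replies to a notification email, and the reply-by-email gateway turns that auto-reply into a blog comment) can also be cut off at the gateway, alongside the "turn reply-by-email off where you don't need it" advice above. The example below is an added illustration, not Igloo's code or anything posted in the thread: it parses raw inbound mail and holds anything that carries the markers automatic responders attach (the RFC 3834 Auto-Submitted header, the older X-Autoreply/X-Autorespond headers, machine-generated Precedence values, or an "Automatic reply" / "Out of Office" subject prefix) instead of posting it as a comment. The mailbox names and the four sample messages are constructed for the example.

```python
import email
import re
from email import policy

# Subject prefixes that common mail clients put on automatic responses
# (a representative list, not an exhaustive one).
_AUTO_SUBJECT = re.compile(
    r"^\s*(re:\s*)?(automatic reply|auto(matic)?[ -]?reply|autoreply|out of (the )?office|ooo)\b",
    re.IGNORECASE,
)

# Precedence values conventionally attached to machine-generated mail.
_AUTO_PRECEDENCE = {"auto_reply", "bulk", "junk", "list"}


def classify_inbound(raw: bytes):
    """Return (is_auto_reply, reason) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)

    # RFC 3834: any Auto-Submitted value other than "no" marks an automatic response.
    auto_submitted = (msg.get("Auto-Submitted") or "").split(";")[0].strip().lower()
    if auto_submitted and auto_submitted != "no":
        return True, f"Auto-Submitted: {auto_submitted}"

    # Pre-RFC 3834 vendor headers still emitted by some responders.
    for name in ("X-Autoreply", "X-Autorespond"):
        if msg.get(name) is not None:
            return True, f"{name} header present"

    precedence = (msg.get("Precedence") or "").strip().lower()
    if precedence in _AUTO_PRECEDENCE:
        return True, f"Precedence: {precedence}"

    subject = str(msg.get("Subject") or "")
    if _AUTO_SUBJECT.search(subject):
        return True, f"subject looks like an auto-reply: {subject!r}"

    return False, "no auto-reply markers"


def triage(messages):
    """Split raw inbound messages into (post_as_comment, hold_for_review).

    Each entry is (subject, reason) so an admin can see why a message was held.
    """
    post, hold = [], []
    for raw in messages:
        is_auto, reason = classify_inbound(raw)
        subject = str(email.message_from_bytes(raw, policy=policy.default).get("Subject") or "")
        (hold if is_auto else post).append((subject, reason))
    return post, hold


# Constructed sample messages (addresses and content are made up for this example).
SAMPLES = [
    # A genuine human reply to a blog notification: should be posted.
    b"From: alice@example.com\r\nTo: blog-comments@intranet.example\r\n"
    b"Subject: Re: Q3 roadmap\r\n\r\nLooks good, one question on the timeline.\r\n",
    # Standards-compliant out-of-office responder: held via Auto-Submitted.
    b"From: bob@example.com\r\nTo: blog-comments@intranet.example\r\n"
    b"Subject: Automatic reply: Q3 roadmap\r\nAuto-Submitted: auto-replied\r\n\r\n"
    b"I am out of the office until the 14th.\r\n",
    # The scenario from the thread: a compromised mailbox auto-replying with an
    # "urgent task" lure. Held via the legacy X-Autoreply header.
    b"From: carol@example.com\r\nTo: blog-comments@intranet.example\r\n"
    b"Subject: Re: Q3 roadmap\r\nX-Autoreply: yes\r\n\r\n"
    b"URGENT: please review the attached invoice today.\r\n",
    # Responder that sets no special headers: caught only by the subject prefix.
    b"From: dave@example.com\r\nTo: blog-comments@intranet.example\r\n"
    b"Subject: Out of Office: Q3 roadmap\r\n\r\nBack Monday.\r\n",
]

if __name__ == "__main__":
    posted, held = triage(SAMPLES)
    print("post:", posted)
    print("hold:", held)
```

Two caveats a practitioner would attach. First, every one of these markers is set by the sending mail system, so a deliberate attacker who crafts mail rather than relying on a mailbox's auto-reply can simply omit them; the filter removes the noise the thread describes, it does not make reply-by-email trustworthy, and it does not replace shutting down the compromised account. Second, the safe default for a held message is review rather than silent discard, since a legitimate user can have "Re: Out of office coverage" as a subject.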