Technical

5 Low- or No-Cost Ways for CPAs to Help Slam the Door on Cybercriminals

  Susan Pierce, CPA, CITP, CGMA |   Free |   AICPA |   04 Oct 2016 |   AICPA.org

Cybersecurity is costly, and budgets are always limited. This blog post discusses five simple steps CPAs can take to help protect data without breaking the bank.

Topics covered:
  • Management accounting: Technical: Risk management & internal control: Risk identification & assessment, Advanced
  • IT management & assurance: Technical: Information security & privacy, Intermediate
  • Management accounting: Technical: Risk management & internal control: Cybersecurity, Intermediate
  • Management accounting: Technical: Risk management & internal control: Cybersecurity, Advanced

1 Comments/Reflections

Bernhard Heyns Dec 2016

During the first 5 years of my career I worked for companies with low risk of cyber attacks, as the companies were small. After moving to a Fortune 500 listed company, I became more exposed to cyber security and the ways to control the risk.

The company's IT department sent us random scam emails which we had to identify and report to them. This helped us keep track of the potential scams out there and also probably identified the problem employees in the company who fell for these emails.

The company also had a two-way authentication process for logging on to the network remotely, which meant that any computer logging on from another server was properly tested.

The biggest issue remained attachments sent via email, especially any JAVA and PDF attachments as they were the most received and used files.

Another useful way to limit the risk of any cyber attack was the setup of each computer: no employee besides IT could install any application on the computer, as it required ADMIN passwords to be able to continue with any installation.

The company also provided online training with regards to email security and scams. Each employee was also required to change their passwords every 3 months to comply with SOX requirements.

Very good learning experience.