Imagine the following: A mid-level HR employee receives an unsolicited resume. The company’s policy is to forward all unsolicited and suspicious emails to a designated mailbox maintained by the IT group for further inspection before opening any attachments or clicking any links. The employee without thinking opens the attachment. This seemingly minor mistake allowed a …