Imagine the following: A mid-level HR employee receives an unsolicited resume. The company’s policy is to forward all unsolicited and suspicious emails to a designated mailbox maintained by the IT group for further inspection before opening any attachments or clicking any links. The employee without thinking opens the attachment. This seemingly minor mistake allowed a cyber-criminal to gain a foothold in the company’s network from which he could pursue countless malicious acts damaging the company and its c

Source: Implement a Cybersecurity Culture Through Broken Windows Cyber-Policing | New York Law Journal