Because, no matter whether you're working from the office or working remotely from home, email still plays a vital part in our working day. Sure, there's now a place for Slack, or Zoom, or Microsoft Teams, or whatever overlay of productivity software you are expected to use.
But for most people, getting stuff done still comes down to email.
The strengths of email: anyone can email you, and add all sorts of attachments. The weaknesses of email: anyone can email you, and add all sorts of attachments. So, while email is one of the most powerful productivity tools around, it's also a big source of risk.
Most of us are still dealing with email overload (now we also have overload via all those other communications tools, too). Many of you will still be looking at -- and trying to respond to -- hundreds of messages from colleagues, clients, or anyone else you do business with, every day.
But how long do you spend looking at those emails? Are they really from who they say they're from?
Cyber criminals know that our time is tight and that we won't have a chance to carefully analyse every message that reaches our inbox -- one of the reasons why phishing is still so successful.
Some scoff at how phishing emails are still such an effective attack tool; sometimes they outright blame the victim for opening the spam email and following the instructions -- but blaming the victim is wrong.
For a start, if antivirus software and spam filters were being used and implemented correctly, there would be far less chance of malicious emails landing in people's corporate inboxes in the first place -- and getting that right is a technology concern, not a people problem.
But it's also become incredibly difficult for us to separate spam emails from everything else that lands in our inboxes, especially when so many of those emails relate to office admin -- and cyber crooks know that's the case.
Yet while it's possible to provide staff with phishing training, this program needs to be effective -- and one multiple choice quiz a year isn't going to cut it. Neither will 'gotcha'-style phishing tests, where fake phishing emails are designed to be indistinguishable from real emails sent every day.
It's unlikely that phishing attacks will ever be stopped outright -- at least not soon -- but there are steps that organizations and individuals can take to help ensure they're as protected against them as possible.
For starters, if you're uncertain about something, don't immediately click on it -- if the email claims to be from a colleague, use a channel that isn't email to ask them if they sent it. If it's an email demanding that urgent action needs to be taken because of an issue with your account, don't click the link in the email, but instead log in to the account via the official URL -- if something is wrong, it will tell you there.