Quora is a company founded on seeking and sharing knowledge. Their platform brings together people who exchange insights and connect through their shared curiosity. This culture of knowledge extends across the company's operations, including its IT team.
This five-person team is a lean but mighty operation led by Robert Santos, the company's Head of IT. His team is responsible for keeping all aspects of the company's technology operations running, including overseeing security. Since the majority of security incidents occur as a result of phishing attacks on employee inboxes, Quora relies on employees as their first line of defense. User education and user reporting are at the center of their anti-phishing efforts for a reason: a knowledgeable employee population is a more secure employee population.
The challenge: Siloed tools and manual work drained the team
Just because something is the right thing to do doesn't mean it's the easiest thing to do, something the IT team learned when they began using siloed tools: one platform for phishing training and one to investigate and remediate suspected phishing attempts. "We're not huge fans of phishing awareness campaigns," Robert explains. Their prior approach to phishing education involved sending employees fake phishing emails that they would either successfully identify or not. After a phishing awareness campaign, the IT team would get a report of who passed and who failed the test. Employees didn't feel great if they didn't pass, and all the IT team had was a list of results from a singular, point-in-time test event.
Things became more painful when the team had to respond to user-reported phishing attempts. While the team was grateful that employees were reporting suspicious emails, each report required manual investigation and personalized outreach with the results of that investigation. If something malicious was uncovered, a team member would need to go in and manually remove it from employees' inboxes. IT team members would jump on incoming reports as they were received, but coordination across reports was a challenge. If ten employees reported a similar email, it was far too easy to duplicate investigative efforts, leading to wasted time on top of what was already a highly manual process.
The solution: Integrated, intelligent phishing protection
Robert knew there had to be a better approach to the age-old problem of phishing, and after consulting with fellow IT and security practitioners, he learned about Material Security. Instead of addressing employee education and incident response in separate tools, Material combined the ability to instantly respond to potential phishing attacks with the ability to train users to recognize and use caution with suspicious emails. Material proactively blocks malicious email, plus it provides a better way to respond to user-reported phishing.
The feature that really stood out to Robert was the ability to apply a remediation as soon as an employee reported a potential phishing attempt. Unlike other tools which only offered the team a binary decision between malicious and safe, Material can apply an interstitial "speed bump" to help an email recipient pause and think before clicking on a link. Now, every time a Quora employee reports a potential phishing email, Material automatically groups similar emails so one employee's attentiveness can translate into a more secure experience for everyone. Material also applies a "speed bump" remediation to user-reported phishing attempts, which replaces potential phishing links with a redirect to an interstitial page warning the employee that someone else has flagged the email as suspicious.
"That speed bump was a huge deal, because before Material we only had the ability to flag an email as phishing or not phishing," says Robert. "And now there's a way to alert people to be careful because somebody thinks this might be dangerous, without just blocking delivery. I don't know of any other phishing product with that flexibility."
The results: Improved efficiency and education
Today, employees at Quora have a simple process for reporting phishing that's equally simple when it comes to IT team responsiveness. With a single click, one eagle-eyed employee protects the entire company.
"We have employees who report phishing attempts pretty regularly, and the team can go beyond saying 'good call out,'" says Robert. "We like reminding people that when they report phishing, everybody gets the warning right away. They don't need to wait for somebody in IT to take action."
And when IT does conduct an investigation, the process is much smoother. Because of Material's similarity matching capabilities, multiple phishing reports are grouped together. Plus, Material accurately identifies the bulk of malicious email, so the number of investigations is lower. The days of scrambling to jump on phishing reports only to wind up doing duplicative work are over. The team has cut down on manual work and runs more efficiently as a result.
As an added bonus Material gamifies the experience of phishing. Instead of just flagging an email and having it go into the IT team's queue, there's the instant satisfaction of knowing that Material has kicked in to provide company-wide protection. Robert and his team have less manual work and a more effective approach to fighting phishing:
"The best thing about the phishing features in Material Security is I haven't had to do anything like a phishing campaign. I've loved the interactivity of it all."