Blue Ant Media
Coming from Google SecurityMicrosoft SecuritySecurity & Account4 min

Staying Secure

Security Awareness

Phishing Detection Challenge

You'll see 4 emails. For each one, decide: is it a real email or a phishing attempt? Learn to spot the red flags that protect you and company data.

Urgent language

Creates panic to rush you

Wrong sender

Fake or misspelled domains

Asks for passwords

IT never asks via email

Suspicious links

Hover before you click

Interactive - Spot the phishing emails

What's Changing

The security tools behind the scenes are upgrading to Microsoft's enterprise security platform. For you, the day-to-day doesn't change much, but there are a few things you should know to keep your account (and the company's data) safe.

What Stays the Same

  • The rules - don't click suspicious links, don't share your password, report anything weird
  • Common sense applies - if an email looks off, it probably is
  • IT has your back - the security team monitors for threats so you don't have to

Spotting Phishing Emails

Phishing emails are fake emails that try to trick you into giving up your password or clicking a dangerous link. They're the #1 security threat for any business.

Red Flags to Watch For

  • Urgent language: "Your account will be locked in 24 hours!"
  • Unexpected attachments from people you don't know
  • Slightly wrong email addresses: support@microsooft.com (notice the double 'o')
  • Requests for your password - Microsoft (and your IT team) will NEVER ask for your password via email
  • Links that don't match - hover over a link before clicking. If it says "microsoft.com" but the actual URL goes somewhere else, don't click

What to Do If You Get a Suspicious Email

  1. Don't click any links in the email
  2. Don't open any attachments
  3. Don't reply to the email
  4. Click the Report button in Outlook (if available) or forward the email to your IT contact
  5. Delete the email

What to Do If You Accidentally Clicked

Don't panic. Just:

  1. Change your password immediately at portal.office.com
  2. Tell your IT contact right away
  3. They'll check your account and make sure everything is secure

Phishing Examples That Target Media Companies

Beyond generic phishing, here are scams that specifically target media company staff:

  • Fake invoice emails - "Your production vendor invoice is attached" from an address that looks like a supplier but isn't
  • Content licensing scams - "Complete your licensing renewal" with a link to a fake site
  • Vendor payment redirect - "We've changed our bank account, please update your records" (always verify by phone)
  • Fake IT messages - "Your mailbox is full, click here to upgrade" from an address that's not your real IT team

If an email asks you to do something urgent involving money, passwords, or customer data - stop and verify by phone before acting.

The Report Button in Outlook

When you spot a suspicious email:

  1. Select the email (don't click any links in it)
  2. In the ribbon, go to Home > Report
  3. Choose Report phishing or Report junk
  4. The email goes directly to your IT security team for analysis

This is faster than forwarding and gives IT the technical details they need to investigate.

Password Best Practices

Instead of a complex password like M3d!@C0! that's hard to remember, use a passphrase:

  • "BlueAntMedia2026Go!" - long, easy to remember, hard to crack
  • "EditSuite#7Renders" - personal to you, meaningless to an attacker
  • Use different passphrases for work and personal accounts
  • Never share your password with anyone, including people who say they're from IT
  • If you think your password has been compromised, change it immediately at passwordreset.microsoftonline.com and contact IT

Consider using the Microsoft Authenticator app's password vault or Edge's built-in password manager instead of memorizing everything.

Working Securely at the Office

On Shared Computers

  • Always sign out when you're done using a shared computer
  • Don't save your password in the browser on shared machines
  • Lock your screen when you step away (press Windows + L)

On Your Personal Devices

  • Keep your phone locked with a PIN, fingerprint, or face ID
  • Keep apps updated - Microsoft pushes security updates regularly
  • Don't connect to unknown Wi-Fi without checking with IT

With Sensitive Information

Media companies handle sensitive content and partner data daily. Under Canada's privacy law (PIPEDA):

  • Never email SINs, credit card numbers, or financial details - use secure hand-delivery or encrypted channels your IT team provides
  • Don't store sensitive data on personal devices or personal cloud accounts (personal Google Drive, USB sticks, etc.)
  • Lock your screen every time you step away - press Windows + L. Sensitive content may be visible on your screen. Even 30 seconds away is enough for someone to see something they shouldn't
  • Don't plug in unknown USB drives - someone handing you a USB with files could unknowingly be carrying malware. Ask them to email the files instead
  • Follow your department's privacy policies - when in doubt, ask your manager

Tips for Staff

  • MFA is your best friend - it protects your account even if your password is stolen
  • When in doubt, don't click - it's always safer to check with IT first
  • Your IT team is there to help, not judge - if you click something suspicious, reporting it quickly is the best response
  • Updates are important - when your computer asks to update, do it. Those updates include security fixes

Need Help?

If you suspect a security issue:

  1. Report it immediately - don't wait
  2. Contact IT Support
  3. Email the Blue Ant Media IT team at it@blueantmedia.com

Previous

Your New Sign-In & MFA

Next

Calendar Delegation