Hi Lea, Thanks for sharing - glad to hear the damage was limited!
I work as a cyber behaviour consultant in a cyber security firm, partner of SoSafe. And we have have seen similar challenges in supporting our clients, especially when it comes to striking the right balance - it's often better to have employees be a bit too cautious than not cautious enough.
Here are some approaches that have worked well at our clients:
Emergency contact on screensaver paired with a short decision tree on when to call outside of office hours.
Short communication campaign with examples to let employees know what qualifies as a "wake-up" incident.
Depending on the size of your organisation. A meeting of 30 min with IT and high profile employees (those with higher rights or access to more sensitive data). You want at least these employees to be sure that they know when to call!
Happy to share more if helpful!
