How are you approaching phishing tests to make sure they really educate folks and aren't just about "tricking" employees?
Principal Consultant in IT Services, 7 months ago
We have secondary training and re-phishes for people who fail the phishing campaign. We also report the percentage of failures and the percentage of people reporting the phish during all-hands meetings.

Senior Information Security Manager in Software, 7 months ago
They have to be done in a formal manner. There is a great new book with ideas on how to do that, by Roger Grimes; see: Fighting Phishing: Everything You Can Do to Fight Social Engineering and Phishing. https://amzn.to/43hTyKd
Director of IT, 7 months ago
Red Team testing is a perfect way to test systems and employees: phishing, a mystery guest on the floor trying to get into the local network and find hardware and connectivity risks, and real testing based on credentials obtained from phishing.

CISO in Software, 6 months ago
The most important element is to have targeted and specific training provided to an employee when they "fail" a phishing test.
Generally, we're finding that after 3 fails the behavior changes in a positive way.