Phishing test "do's and don'ts" - what are the most important DON'Ts in your opinion?
Senior Director, Global Information Security in Consumer Goods, 7 months ago
Building trust in your phishing exercise program is critical. Ensure your company culture is represented in your program. Get feedback and alignment with key stakeholders like HR, Legal and corporate communications. Employee privacy should be a non-negotiable. Consider communications to your employee base explaining the phishing program and their privacy concerns.
Business Information Security Officer, Director in Banking, 6 months ago
Biggest opportunity these days is to take advantage of the opportunity for real-time training if someone fails the phishing test. Many phishing test providers provide the option, and there's no better way to cement the knowledge necessary to pass phishing tests than getting people in that moment just after "gotcha". No one likes that feeling, and it's likely those same people understand their organization is trying to protect their customers and their business priorities.
Senior Information Security Manager in Software, 6 months ago
Effective phishing programs should educate, not alienate. GoDaddy did the latter. Don’t be like GoDaddy.
https://www.engadget.com/godaddy-sent-fake-phising-email-promising-holiday-bonus-220756457.html
CISO in Software, 6 months ago
Do not run it so often, employees know exactly what to look for.
Sure, there are threat actors who play on that, but there are better, more effective ways we can test and train users without employing such tactics and stay that trusted party to the staff which helps your program stay successful.