Treat your organization’s brand as a valuable asset. If you don’t, are you risking damage to your brand reputation when doing phishing tests?

Some IT teams feel employee backlash is acceptable.

But, it can easily get out of hand.

We’re seeing more stories of unfair phishing tests, and tests that deceive employees enough to drive them to take unexpected and damaging actions.

This is not contributing to a healthy security culture for those organizations.

Just because attackers will stop at nothing to trick employees, does not mean your organization itself should do this.

Not only can these unreasonable tests create a negative reputation for your business, they can create real costs too.


Some costs that could be associated with poorly designed live phishing tests include:

• Employee backlash causing poor morale
• Employee complaints to HR that disrupt productivity in multiple teams
• Uncontrolled and unauthorized publication of internal processes
• Potential legal liabilities from impersonated organizations (e.g. IRS, Facebook, etc.)

We need to realize that our organizations will never reduce phishing or social engineering incidents to zero. Attackers will always find new ways to trick people.

What else can we do to effectively reduce phishing risks?

1. Teach employees how to analyze inquiries for clues, not just “be suspicious”
2. Provide opportunities for employees to practice on a frequent basis
3. Make the experience of awareness training and practice inclusive and positive

Building a stronger security culture will do more to ultimately protect our organization’s brand reputation than attacking employees in new ways. Imitating the most deceptive methods used by attackers in live phishing tests can only end badly for the organization’s reputation.

Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.
