[et_pb_section fb_built=”1″ _builder_version=”4.16″ custom_padding=”0px|||||” da_disable_devices=”off|off|off” global_colors_info=”{}” da_is_popup=”off” da_exit_intent=”off” da_has_close=”on” da_alt_close=”off” da_dark_close=”off” da_not_modal=”on” da_is_singular=”off” da_with_loader=”off” da_has_shadow=”on”][et_pb_row _builder_version=”4.16″ custom_padding=”||8px|||” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.16″ text_font_size=”20px” text_line_height=”1.8em” min_height=”95px” global_colors_info=”{}”]

Treat your organization’s brand as a valuable asset. If you don’t are you risking damage to your brand reputation when doing phishing tests?

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.16″ custom_padding=”5px||8px|||” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.16″ text_font_size=”20px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”582px” custom_margin=”||-1px|||” global_colors_info=”{}”]

Some IT teams feel employee backlash is acceptable.

But, it can easily get out of hand.

We’re seeing more stories of unfair phishing tests, and tests that deceive employees enough to drive them to take unexpected and damaging actions.

This is not contributing to a healthy security culture for those organizations.

Just because attackers will stop at nothing to trick employees, does not mean your organization itself should do this.

Not only can these unreasonable tests create a negative reputation for your business, it can create real costs too.

[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_image src=”https://clickarmor.ca/wp-content/uploads/2022/04/richard-dykes-SPuHHjbSso8-unsplash-scaled-1.jpg” alt=”Security awareness paradox” title_text=”richard-dykes-SPuHHjbSso8-unsplash” align=”center” _builder_version=”4.23.1″ _module_preset=”default” module_alignment=”center” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][/et_pb_image][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” hover_enabled=”0″ sticky_enabled=”0″]

Photo by Richard Dykes on Unsplash

[/et_pb_text][et_pb_cta title=”Join our next 5-Day Challenge to experience something completely unique” button_url=”https://clickarmor.ca/challenge-registration” button_text=”Sign Up For Free” _builder_version=”4.16″ _module_preset=”default” min_height=”316px” global_colors_info=”{}”]

“The challenges were so quick I was able to do them in the time it took me to sip an espresso.” – IT Security Manager

[/et_pb_cta][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ custom_padding=”8px|||||” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.16″ text_font_size=”18px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”107px” global_colors_info=”{}”]

Some costs that could be associated with poorly designed live phishing tests include:

• Employee backlash causing poor morale
• Employee complaints to HR that disrupt productivity in multiple teams
• Uncontrolled and unauthorized publication of internal processes 
• Potential legal liabilities from impersonated organizations (e.g. IRS, Facebook, etc.)

We need to realize that our organizations will never reduce phishing or social engineering incidents to zero. Attackers will always find new ways to trick people.

What else can we do to effectively reduce phishing risks?

1. Teach employees how to analyze inquiries for clues, not just “be suspicious”
2. Provide opportunities for employees to practice on a frequent basis
3. Make the experience of awareness training and practice inclusive and positive

Building a stronger security culture will do more to ultimately protect our organization’s brand reputation than attacking them in new ways. Imitating the most deceptive methods used by attackers in live phishing tests can only end badly for the organization’s reputation.

[/et_pb_text][et_pb_button button_url=”https://clickarmor.ca/trial” button_text=”Book a free trial of Click Armor to start strengthening your security culture” button_alignment=”center” _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][/et_pb_button][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”]

 

Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_post_nav prev_text=”Previous Post” next_text=”Next Post” _builder_version=”4.16″ title_text_color=”#ffffff” background_color=”rgba(14,79,136,0.68)” custom_padding=”5px|10px|5px|10px|true|true” border_radii=”on|4px|4px|4px|4px” border_width_all=”1px” global_colors_info=”{}”][/et_pb_post_nav][/et_pb_column][/et_pb_row][/et_pb_section]