How live phishing tests cause unexpected reactions
IT managers fail to anticipate employees’ reactions. Employee phishing tests can, and do, leak “into the wild” and cause your business trouble.
[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row column_structure=”1_2,1_2″ _builder_version=”4.16″ min_height=”670px” custom_padding=”5px||8px|||” global_colors_info=”{}”][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.17.6″ text_font_size=”20px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”596px” custom_margin=”||-1px|||” global_colors_info=”{}”]The unexpected employee reactions to phishing tests cost time, effort and sometimes money to counteract. When faced with a live phishing test employees might take one of these three actions:
1. Contacting an impersonated entity instead of the help desk
Contacting an impersonated entity (internal or external) rather than the help desk costs that organization and may damage both organizations reputation. (Remember the story about DOJ and Thrift Savings Plan.)
2. Contacting the news or social media to vent their emotions
Employees contacting news or social media will definitely cause an impact on reputation of the organization, and may require PR or legal damage control.
[/et_pb_text][/et_pb_column][et_pb_column type=”1_2″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_image src=”https://clickarmor.ca/wp-content/uploads/2023/12/unsplashimage-19.png” alt=”A live phishing test causes an employee to be angry at their computer” title_text=”unsplashimage (19)” align=”center” _builder_version=”4.23.1″ _module_preset=”default” module_alignment=”center” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][/et_pb_image][et_pb_text _builder_version=”4.23.1″ _module_preset=”default” hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″]Photo via Getty Images + Unsplash+
[/et_pb_text][et_pb_cta title=”It’s been a “super-fantastic” experience to see people learning and talking about security threats.” button_url=”https://clickarmor.ca/quick-start-bundle-gamified-security-awareness-training-and-engagement/” button_text=”Start Your 6-Week Quick Start Bundle Now” _builder_version=”4.16″ _module_preset=”default” locked=”off” global_colors_info=”{}”]For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges. (Limited time offer. Normally valued at $999 USD)
Use Promo Code: 6WEEKS
[/et_pb_cta][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ custom_padding=”8px|||||” global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_text _builder_version=”4.17.6″ text_font_size=”20px” text_line_height=”1.8em” header_2_line_height=”1.4em” min_height=”8px” custom_margin=”-20px|||||” custom_padding=”22px||0px|||” global_colors_info=”{}”]3. Contacting other employees to warn them of the test
Contacting other employees to warn them may sound good because “it’s a behavior you want”, but it may not help when spear-phishing attack hits employees who were “tipped off” during a test. It can cost the price of an attack in the end.
Technical vulnerability assessments are easier to predict impacts and mitigate. We shouldn’t treat phishing tests the same as we do other vulnerability assessments, when the cost to mitigate unexpected outcomes is much higher.
[/et_pb_text][et_pb_button button_url=”https://clickarmor.ca/trial” button_text=”Book a free trial of Click Armor to start strengthening your security culture” button_alignment=”center” _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”][/et_pb_button][et_pb_text _builder_version=”4.16″ _module_preset=”default” global_colors_info=”{}”]
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.
[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version=”4.16″ global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.16″ global_colors_info=”{}”][et_pb_post_nav prev_text=”Previous Post” next_text=”Next Post” _builder_version=”4.16″ title_text_color=”#ffffff” background_color=”rgba(14,79,136,0.68)” custom_padding=”5px|10px|5px|10px|true|true” border_radii=”on|4px|4px|4px|4px” border_width_all=”1px” global_colors_info=”{}”][/et_pb_post_nav][/et_pb_column][/et_pb_row][/et_pb_section]