Why live phishing tests suck – Reason #1: Unexpected employee reactions.
Pushing emotional triggers in test emails can lead to unexpected results.
Here are some examples I’ve seen happen:
1. Employees contacted unprepared executives directly
2. Employees post on social media to vent about their employers
3. Employees contacted impersonated organizations in a panic
While it may seem like a good idea to test employees exactly as attackers would, in an operational environment, this frequently backfires.
Unexpected employee reactions always take a toll, either in wasted time, lost reputation or added stress.
When testing in an operational environment, make sure to invest in proper communication and contingency planning.
Or, you could consider using a gamified platform that uses immersive, virtual inbox phishing assessments, like Click Armor.
Photo by Bermix Studio on Unsplash
For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges. (Limited time offer. Normally valued at $999 USD)
Use Promo Code: 6WEEKS
Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.