Conducting a 'phishing scam test' in the office would rather adversely affect operations
'Phishing scam' is a scam for the purpose of stealing credit card information, usernames and passwords of specific web services, etc. Many adopt a method of sending URL links to fake sites via email. You While phishing scams can hit the entire company, sending test phishing scams to the company and penalizing employees who clicked on fake URLs would rather adversely affect operations. It is to give
Should Failing Phish Tests Be a Fireable Offense? — Krebs on Security
PhishLab , which offers employee education courses against phishing scams, also offers 'tests' to prevent phishing scams. Usually, this test is for employees who are caught in phishing emails, but it is rather a task to take punitive action on employees who are caught in phishing emails and are forced to take the exam. Adversely affect, says PhishLab CEO John LaCour.
According to LaCour, many companies are conducting 'phishing tests' that send temporary phishing e-mails to employees and see what they're doing like 'the hook problem', but such a test Is wrong. Not only does the phishing test tell us how to deal with phishing emails, it also detracts from employee motivation.
Like LaCour, Rohyt Belani, CEO of Cofense, who provides security services against phishing scams, says 'Phishing testing creates a crack between the security department and the other departments.' According to Belani, it is perceived that this type of exam is aimed at personnel assessment rather than security, and that other departments' employees may become uncooperative or rebellious against the security department. What to do.
In addition, the service provided by Cofense is that employees are reporting that 'This email is a phishing email' and sharing information. However, in many cases, employees have judged that 'This email is a phishing email because it was forwarded to a phishing site when the URL in the email was clicked.' If 'click on the URL to the phishing website' itself is subject to personnel evaluation deductions, the employee will hide that he has clicked on the phishing email URL, and as a result 'which email Information is not shared, and the security is actually adversely affected.
PhishLab recommends that employees who complete a phishing course be given an incentive to give small gifts such as gift cards and presents, and a small bonus, in order to motivate employees about phishing scams. It is
in Security, Posted by log1k_iy