For us they just make the people that click them do some online training. I don’t think anyone learns anything during that but I suspect not having to do the training serves as a great incentive to be careful.
It doesn’t help though that we’ve had multiple cases of obvious phishing mails everyone just deleted that were followed up by a “no those mails were legit please click the link” by HR…
That is what really irks me. People who write mails exactly like phishing mails.
Just some bland text asking for urgent action, with one link in the middle that is obscured. No signature, no company images, just a name at the bottom.
Better to delete those than to click on actual phishing mails though.
I read an interesting report about how most of these courses are rather ineffective because they add knowledge but don’t change behaviors.
https://www.cybersecuritydive.com/news/cybersecurity-awareness-training-research-flaws/803201/
And the link goes to one of the Office 365 things that asks you to sign in every single time for some fucking stupid reason.