Should phishing tests be changing for the remote workforce?

“Phishing tests don’t teach anybody anything.  They teach the organisation to ignore things.”

Ahead of teissR3 | Resilience, Response and Recovery Online Summit 2020, Vicki Gavin, The Cyber Coach at The Cyber Rescue Alliance, talks to Sooraj Shah about the failings of phishing tests.

teissR3, taking place 15th – 24th September 2020, is the leading event focusing on how you improve your organisation’s cyber resiliency and adopt best-practice in incident response and crisis management in a post-COVID-19 world. Register your place by clicking here.

Video transcript

So with phishing tests and the like, are these changing at all for the remote workforce?

Phishing tests should have changed years ago. So many organisations use phishing tests as a way to educate their staff. Phishing tests are not instructional. They don’t teach anybody anything.

They are absolutely fantastic for an organisation to be able to demonstrate that they’re doing something to test how well prepared their workforce are. But the only thing that anyone is going to learn from a phishing test is how good their information security team is at writing phishing emails. Could they have a job as a phisherman?

The other thing they do is, they teach the organisation to ignore things. Oh, there’s another one from the security team. Ah, I’m going to get them. I’m going to respond to this one.

Copyright Lyonsdown Limited 2021

Top Articles

Making employees part of the solution to email security

Security Awareness Training needs to be more than a box-ticking exercise if it is to keep organisations secure from email threats

Windows Hello vulnerability: Bypassing biometric weakness without plastic surgery

Omer Tsarfati, Cyber Security Researcher at CyberArk Labs, describes a flaw that allows hackers to bypass Windows Hello’s facial recognition Biometric authentication is beginning to see rapid adoption across enterprises…

Legacy systems are holding back your digital transformation

Legacy systems pose a threat to organisational security. IT leaders need to be courageous and recognise the need to upgrade their technology

Related Articles

[s2Member-Login login_redirect=”” /]