Zorsith@lemmy.blahaj.zone 4 points 3 weeks ago* (last edited 3 weeks ago)

Oh boy, IA training!

Jeff Cyber Awareness Challenge

koper@feddit.nl 1 points 3 weeks ago

Awareness training is often a red herring to blame systemic failures on individual employees. No matter how much training you give, people are still going to click those phishing links. That's because phishing emails are often indistinguishable from real emails and clicking links is a regular part of their job.

It is much more effective to use technical controls. Prevent phishing emails from ever landing in the inbox. Give employees the proper tools and disable footguns. Have a procedure for when an employee inevitably does get phished.

henfredemars@infosec.pub 1 points 1 week ago

Our lame IA training is the same tier as the sexual harassment training -- a deflection of responsibility, so that when something happens, the company can wash their hands of it and fire everyone involved.

slazer2au@lemmy.world 1 points 3 weeks ago

Because the training should be for people who fail the "random" tests, not for everyone.

All the test emails come from mail.nova.phishme.com so I have an Outlook rule that sends all those emails to junk, effectively making the test useless but making me look like someone who has a 100% reporting rate.

GreenKnight23@lemmy.world 1 points 3 weeks ago

I failed that for a couple years because I didn't report them.

once I figured that out I started to report every email that wasn't project related.

they asked me to stop, I told them no-can-do because I don't want to get dinged for not reporting phishing tests.

they changed their criteria after that 🤣

this post was submitted on 15 Aug 2025
19 points (100.0% liked)

Cybersecurity - Memes
