How Do You Know? You Test
How many in your workforce would respond appropriately when faced with an email from an imposter? Fifteen percent, 20 percent, 30 percent? If you really want to know what a person would do, especially with a suspicious email, put them in the situation and observe the results. Test them.
People will differ in how they respond to messages. Are they positively incentivized to act? Or are they negatively incentivized? At Cyber Safe Workforce, we call these carrots and sticks. Phishing messages in the carrots group positively influence a person to act. Here are some examples:
- Discounts for leaving feedback
- A chance to win free stuff
- Connecting socially
- Viewing a funny/interesting video
Sticks, on the other hand, threaten negative consequences, such as:
- Account closure unless you act
- Suspicious activity detected, view and disavow
- Make payment or face collections
- Services will be terminated unless you confirm your information
The landscape of phishing has become more sophisticated. Website encryption certificates are free. Services will proofread scam messages. Some email clients and web browsers obscure key parts of messages and websites.
What’s an IT security manager to do? Measure susceptibility, provide quality, on-the-spot training, and continually test the workforce to keep up with the changing threat of electronic social engineering.
If you want to know how many in your workforce are susceptible to phishing, contact us for a free phishing test today.