How To Successfully Phish Your Own Firm
CSOs share advice, war stories on internal simulated phishing attacks for user awareness training.
"In the early days of simulated phishing, people were more cavalier when they deployed this," says Perry Carpenter, a former Gartner security awareness analyst who is now working as a security expert in the financial sector. "When you do this in a cavalier way without any forewarning and want to exact some kind of penalty [for users who fall for the attacks], then users just feel like you are out to get them. You don't want to be in that situation."
That doesn't mean taking the fire-drill approach and alerting users that a fake phishing attack is scheduled for Monday at 9 a.m. -- you need some element of surprise... Read full story on Dark Reading