Awareness training is often a red herring to blame systemic failures on individual employees. No matter how much training you give, people are still going to click those phishing links. That’s because phishing emails are often indistinguishable from real emails and clicking links is a regular part of their job.
It is much more effective to use technical controls. Prevent phishing emails from ever landing in the inbox. Give employees the proper tools and disable footguns. Have a procedure for when an employee inevitably does get phished.
Our lame IA training is the same tier as the sexual harassment training – a deflection of responsibility, so that when something happens, the company can wash their hands of it and fire everyone involved.
Awareness training is often a red herring to blame systemic failures on individual employees. No matter how much training you give, people are still going to click those phishing links. That’s because phishing emails are often indistinguishable from real emails and clicking links is a regular part of their job.
It is much more effective to use technical controls. Prevent phishing emails from ever landing in the inbox. Give employees the proper tools and disable footguns. Have a procedure for when an employee inevitably does get phished.
Our lame IA training is the same tier as the sexual harassment training – a deflection of responsibility, so that when something happens, the company can wash their hands of it and fire everyone involved.