How do others conduct phishing tests? Do you punish employees when they fail? https://www.scmagazine.com/home/security-news/phishing/insensitive-phishing-test-stirs-debate-over-ethics-of-security-training/



CEO in Services (non-Government), 2 - 10 employees
Yes we do phishing tests. It is a must for every employee to do this at joining and refresh every so many months. For people who fail they need to complete a security training in XX days.
Senior Director, Defense Programs in Software, 5,001 - 10,000 employees

I think this fits compliance standards and what many do… but how do we feel about the effectiveness? 🤔 With this style, do we see fewer ‘fails’ over time or just new employees getting trained?
