
Note also that fake phishing emails are not the only way to train people against phishing. Arguably traditional training (i.e. explain and show the trainee examples in a setting where the trainee knows this is a demo) is both a better way to teach about the risk and protection, and is less harmful.

I used to work as a lifeguard and we would conduct a training scenario every month at least. And we would never do live training (i.e. a training scenario without knowing it is training). There are several reasons: first is safety. You would be putting workers at unnecessary risk. Second is stress, and third is that there is little evidence that we would walk away from the training having learned anything.

So if you believe phishing is a serious threat to your security, that is still no excuse to deliver fake phishing emails to your workers.


