Contact Us Today to Receive a Free Dark Web Scan by our Team of Security Experts

Logo
LogoLogo

Failing the Phish Test

  1. Home
  2. Best Practices
  3. Failing the Phish Test
JDL Group can help your school or district make sure it is prepared for anything with the latest in endpoint protection.
Jul 28,2018

Failing the Phish Test

Best Practices, Data Breach, Insider Threats, Security

Phish testing your employees is a vital part of any security awareness program.  It seems logical that by exposing employees to phishing and helping them identify tactics, the chance of anyone in your organization to be phished lessens.  But does it?

When employees who failed phish tests are called out, made to feel poorly or singled out in a group the exact opposite can happen.

End users are the largest, most vulnerable target in most organizations. In real-world attacks, end users are relentlessly bombarded with spear-phishing and socially engineered schemes.

As the champion of your organizations cyber security, it is imperative that these tests be used as teachable moments to educate and encourage your end users.

Use Failure as a Teachable Moment.

Look at the failure of phish testing in a different light: you’ve identified a weakness in your security that can now be remedied.

Effective Phish Testing Checklist

Every phish test should follow some basic tenets in order to educate users:

  1. The links in a phish test campaign should go directly to a site with immediate education.
  2. Do not call out or embarrass users who fail the test.  Public shaming results in decreased threat reporting.
  3. Do not tie user responses to employee evaluation testing.  Doing so can can create resentment towards security, which is not good for the organization.
  4. Offer encouragement and education by directing users to additional training.  This can be optional or required depending on how many times the user has failed.
  5. Provide additional written materials such as articles and information from other sources.
  6. Reward people who report incidents.  This can be as simple as a kudo’s in the company newsletter or even prizes and contests.  Make sure that your organizations culture gives positive support to employees who report incidents.

Protecting Your Network 

JDL Group can help you put in place the right cyber security measures for you and your organization. If you want to learn more about protecting yourself and your employees from phishing campaigns check out our free anti-phishing toolkit.  

References: 

https://www.infosecurity-magazine.com/next-gen-infosec/reward-flag-phish-highlight-failed/

https://www.sophos.com/en-us/products/phish-threat.aspx

 

Cyber SecurityphishingProblem SolvingSecurity
0
Related Posts
Aug 04,2020
Broadband Bonding – Fast, Secure and Reliable Internet Connectivity
COVID-19, Education, Security
May 23,2020
Changes in Education due to pandemic
COVID-19, Education, Security
Mar 02,2020
Phishing Attack + IT Incompetence = $200,000 Ransomware Payout for University
Education, Ransomware, Security, Uncategorized
Feb 18,2020
Why schools are “Failing” in Cyber-Security
Education, Ransomware, Security
Jan 21,2020
Keeping Your Firm Compliant with the New York SHIELD Act Law
Best Practices, Law Firms, Security
Jan 15,2020
Law Firm Security: The Basics
Best Practices, Law Firms, Ransomware, Security
Jan 14,2020
Cyber Attackers Targeting Education
Education, Ransomware, Security
ransomware protection
Nov 19,2019
Email Threats to Harm Law Firms into the Next Decade
Data Breach, Law Firms, MSSP, Security
Nov 18,2019
3 Approaches School Districts Can Take To Protect Against Increasing Cyber Attacks
Best Practices, Education, Security
JDL Essentials for Law Firms Cybersecurity
Nov 12,2019
Essential Practices to Protect Your Law Firm From Cyber Attacks
Best Practices, Data Breach, Law Firms, Security
Security Assessment
Nov 04,2019
Why Security Assessments Are Essential for Law Firms
Best Practices, Law Firms, Security
Ransomware Attack Disrupts Court Cases
Oct 28,2019
TrialWorks Ransomware Attack Disrupts Court Cases and Deadlines
Data Breach, Law Firms, Ransomware, Security
Ways to protect your law firm JDL
Oct 14,2019
5 Ways Law Firms Can Protect Their Sensitive Client Data
Best Practices, Data Breach, Law Firms, Ransomware, Security, Uncategorized
JDL Keys to law firm cybersecurity
Sep 17,2019
Key Steps to Follow for Law Firm Cybersecurity
Best Practices, Data Breach, Law Firms, Security
Aug 28,2019
First Ever 2019 NYSBA Technology Summit
Best Practices, Law Firms, Security
5 Steps to Stop a Breach of Your Law Firm
Aug 08,2019
5 Steps to Stop a Breach of Your Law Firm
Best Practices, Data Breach, Law Firms
Top 3 Reasons Your Law Firm Needs an MSSP
Jul 29,2019
Top 3 Reasons Your Law Firm Needs an MSSP
Best Practices, Law Firms
Healthcare Cyber Security
Apr 10,2019
Managing Risks in Healthcare Cyber Security
Best Practices, Health Care, Security
Mar 21,2019
Three Methods Schools Can Use To Improve Cyber Security
Best Practices, Security
Jan 14,2019
Creating a Cybersecurity Culture
Best Practices, Insider Threats, Security
Jan 02,2019
Small Business Cyber Security
Security
Dec 17,2018
The Rise of SD-WAN
Security
Nov 30,2018
The Corporate Cloud: Cloud Security
Security
Abstract AI Art
Nov 08,2018
The Rise and Risk of IoT Devices in the Workplace
Security
IT Support with two computers
Oct 18,2018
Protecting Your Law Firm in 2019: Part 2
Law Firms, Security
JDL Group | Mobile Security NY, NJ, PA
Sep 04,2018
5 Tips to Keep Your Mobile Workforce Safe and Secure
Best Practices, Insider Threats, Security
Mobile Ransomware graphic
Aug 21,2018
Defining the Eight Most Nefarious Cyber Threats.
Best Practices, Data Breach, Security
World Cup Game
Jun 21,2018
New Phishing Campaigns are Targeting World Cup Fans 
Alerts, Best Practices, Security
data privacy NJ
Jun 07,2018
FBI Issues Malware Public Service Announcement, Learn How to Protect Your Data
Alerts, Best Practices, Security
Server cooling fan
May 23,2018
After Spectre and Meltdown, Google and Microsoft Disclose Another CPU Flaw 
Alerts, Data Breach, Security
JDL Group can help your school or district make sure it is prepared for anything with the latest in endpoint protection.
May 10,2018
Public Schools Are Being Attacked by Hackers More Than Ever
Data Breach, Ransomware, Security
Healthcare Malware Prevention
Apr 24,2018
A New Hacker Group is Targeting the Healthcare Industry and Infecting Medical Equipment with Malware
Data Breach, Health Care, Life Sciences, Ransomware
ransomware protection
Apr 11,2018
Less Than Half of Ransomware Victims Recover Their Data After Paying the Ransom Demand
Best Practices, Ransomware, Security
Atlanta Ransomware | Atlanta Bitcoin Ransom
Mar 27,2018
Atlanta’s Computer Systems Infected with Ransomware, Hackers are Demanding Over $50,000 in Bitcoin
Alerts, Ransomware, Security
Crypto Malware Protection | IT Blog
Feb 28,2018
Hackers are Using Malware to Generate Cryptocurrencies
Security
Spectre and Meltdown Vulnerabilities
Feb 13,2018
Spectre and Meltdown Vulnerabilities: What Happened and How to Secure Your Computers
Security
Jan 29,2018
Insider Threats – Your Organization’s Top Security Risk
Alerts, Best Practices, Data Breach, Security
data breach protection | NYC MSSP
Jan 15,2018
Top 3 Causes of Data Breaches
Data Breach, Security
Dec 20,2017
Battling Ransomware: 3 Tips for Health Care Organizations
Best Practices, Data Breach, Health Care, Life Sciences, Ransomware
patient information data security | medical cyber security
Dec 04,2017
Protecting Patient Information from Ransomware
Best Practices, Data Breach, Ransomware
Nov 20,2017
How to Reduce Your Law Firm’s Cyber Risk
Best Practices, Data Breach, Law Firms, Security
Nov 06,2017
How to Protect Your Law Firm and Clients from Phishing Email Scams
Best Practices, Law Firms, Security
Oct 23,2017
Hackers Hold Entire School District To Ransom
Data Breach, Security
data security firm nj
Oct 16,2017
Responding to a Data Breach Best Practices
Best Practices, Data Breach, Security
Oct 02,2017
Why Law Firms Need to Make Cybersecurity a Priority
Best Practices, Law Firms, Security
Apr 04,2017
Your Business Should Be in the Headlines for the Right Reasons, Not for a Cyber Attack
Security
Mar 29,2017
Tip of the Week: How to Be Active and Proactive With Your Network
Security
IT Security | Cyber Security NJ
Jan 31,2017
The “S” in HTTPS is More Important Than You May Think
Best Practices, Security
IT Security MSSP NYC
Jan 04,2017
3 Compelling Reasons Why Your Business Should Move to the Cloud
Best Practices

Leave a Comment

Your email address will not be published. Required fields are marked *

4 × 1 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.