We found out that 10% of our users entered their password.
I’m 100% so far at my job, but we had one test that tricked somewhere around 30% of employees. They spoofed everyone’s supervisor and made it look like an urgent Teams message was pending.
Usually, if you get phished you lose your bonus. They made an exception that one time.
You lose your bonus? What basement-dwelling neanderthal executive came up with that hogwash?
To be fair, my job involves very sensitive medical data. We’ve seen entire businesses shut down because of data breaches.
Phishing simulations should be about educating employees, not punishing them. Train them on what they missed and, if training material is available, check where it might be lacking. Nobody learns from having their bonus taken away. It also only serves to stimulate a culture where people prefer not reporting possible security issues they might have caused, in order to avoid further pay cuts.
I dunno… If you’re in a position to get a bonus, you should be smart enough to not click on random links and enter your work password.
I am extremely pro-worker but I would be fuckin pissed if an employee so easily gave a potential hacker access to our systems, and that’s what the test is for.
I can only imagine how frustrating it would be to get a financial punishment for clicking on links.