We found out that 10% of our users entered their password.

2 points

If someone is consistently falling for phishing emails (real, or from the IT department), shouldn’t that person eventually be fired? Isn’t that a punishment?

If there is neither a punishment nor a reward, what is the incentive to learn? Some people may not need one. Many others do.

I agree that a single failure resulting in the loss of significant income might be harsh, but I think there needs to be a way to convince people to take the issue seriously, and a punishment of some kind is therefore always warranted (e.g. eventual firing).

You can balance out the issue by creating a reward system as well, e.g. if you report all of the test emails sent to you in a year (i.e. not just ignore them), your bonus is increased by X% or something. Similarly, if you report an actual phishing email, your bonus is increased by some percent, even if you initially fell for it. I think it is possible to foster a consciousness and honest culture, with a system that includes punishments.


Cybersecurity - Memes

!cybersecuritymemes@lemmy.world
