Don’t Warn Your Co-Workers About That Phishing Test

4 years ago Bob Covello

It is October 2021, and another Cybersecurity Awareness Month is upon us. With so much having occurred over the last year, we should all be experts in personal cybersecurity protection. After all, when our homes became our primary business location, it all became very personal.

I once worked at a company that prohibited me from offering personal cybersecurity advice. They reasoned that if I offered a person any advice such as using a password manager, setting up a credit freeze, or using multi-factor authentication on every 2FA-capable site and something went wrong, the company could be held liable for that advice. I suppose that, from their perspective, they had a valid point. Contrarily, to many security experts, the “security begins at home” approach made a lot of sense; teach a person how to be more cyber secure in their daily lives, and they will carry those habits to the workplace. It took a pandemic to shift the corporate mindset to align with that sentiment.

The full-time remote workforce became keenly aware that a threat to their corporate cybersecurity could easily reflect directly into their home computing setup. A person could no longer safely think that an action they took during work hours would have no impact on their personal computing environment. While many larger corporations could afford to take measures to protect their networks from the perils of all of the home devices joining the corporate network, some of the small- and medium-sized businesses lacked the resources to accomplish any added measures of protection.

During Cybersecurity Awareness Month, we will see plenty of good advice about how to protect ourselves on the internet. Security sites and social media will once again be abuzz with all of the things that we should all do to remain safe online. One hidden area where we can have lasting change in personal security is with the response to simulated phishing exercises that companies use to test cybersecurity awareness. 

Phishing exercises are often met with a groan by the office staff. In the past, when a person recognized that the test was underway, they would immediately shout to their office mates, warning them that a phishing test was in progress and that they should all be on the lookout for the phishing message. This was an excellent way to be a good office mate. After all, no one wants to be embarrassed by being the person who clicks that crafty link devised by the nefarious security team. Unfortunately, this defeated the entire exercise.

One way to combat the shouted warning was to set the phishing campaign to target only a small percentage of people at a time within the organization. This could offer truer results, but it was labor-intensive to set up and maintain relevant testing lists. It was also imprudent to constantly create new lists to change the audience for each new campaign.

With the emergence of the fully remote workforce, a person could no longer shout across the cubicle walls to warn everybody else of the phishing test. Sure, an e-mail to the co-workers may work, but not as rapidly as the well-intentioned verbal warning. We all want to warn others of impending danger, but the only danger of failing a phishing test is the perceived pain of reviewing the cybersecurity awareness training.

As people slowly return to work, this is a great opportunity to educate the staff that warning their neighbor of a phishing simulation exercise is almost as bad as other poor security practices such as sharing a password. It’s a good idea to warn about a dangerous e-mail, but failing to warn a person about a phishing test could reasonably create a safer work environment by reinforcing awareness for those who are caught by that test.

Here’s wishing everyone a happy Cybersecurity Awareness Month!


Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “Don’t Warn Your Co-Workers About That Phishing Test” appeared first on TripWire.

Source: TripWire – Bob Covello
