The Dilemma Should you phish test during the COVID-19 pandemic
Over the past week or so, I’ve seen a few social media postings and had a few discussions with people who believe that organizations should not phish test users during this time. They feel that the best way to practice “socially responsible awareness training” is to provide simple information-based awareness training and abstain from phish testing. Thoughts like this may be well-intended, but I believe that they are wrong. Here’s why:
Cybercriminals are ramping up their real attacks right now. This brand-new graph shows the exponential growth of new COVID-19 malicious phishing templates:
So, it is super-important to keep our end-users on their toes. In fact, because cybercriminals are in a COVID-19 feeding frenzy, I’ll be bold enough to say that *not* conducting phishing training during this time amounts to negligence. Cybercriminals prey on stress, distraction, urgency, curiosity, and fear. And they are bringing that full force against your end-users and your organization.
That being said, I totally understand where people are coming from when they feel hesitant to phish test users during this time. Organizations don’t want to add additional stress to their people. They are afraid that they may make employees feel confused or alienated. Totally understandable… and totally addressable. The key factors: your tone and your process.
I’ll address tone first because I believe it is the single most important piece to getting this right. I’ve outlined the critical importance of tone before on webinars, in conference sessions, and in my book. But, because tone is so much easier to feel than to describe, I’ll use a video example.
This is from a COVID-19 awareness project that I kicked off specifically to help security awareness leaders conduct critical phish testing in a way that feels caring and compassionate. Have a look and hopefully you’ll get a feel for what I mean. This is a pre-campaign message for customers to send to their end-users:
There are a few key aspects that resonate through the videos in this series. In essence, those come down to:
The other key factor that you need to think about is process. Because we’ve entered a ‘new normal,’ you should send out a fresh message to your users letting them know that cybercriminals are having a heyday with COVID-19. And because of this, you are going to help prepare your people for what’s coming.
In essence, your process should be the following:
I hope this was helpful for you. When you engage your employees with the right message and tone, there is nothing to fear, and they will feel a sense of pride in helping protect the organization. That’s all for now. “Keep Calm and Don’t Click. We’re all in this together.”