Let’s face it, very few organizations thought they’d still be in workforce limbo as we near the six-month mark of the pandemic. This situation has stretched many organizations to adopt new modes of work. Most of your employees are also stretched beyond anything they’ve ever prepared for. And the levels of distraction and stress are likely to get worse before they get better.
Early into the pandemic, many organizations put their phishing simulations on hold. They didn’t want to heap further stress or confusion on employees who were already stressed and confused. And, while those intentions were noble, I provided warning that cybercriminals would seize the opportunity and up their game. They did. And that trend continues, with multiple outlets reporting an over 6,000% increase in COVID-19-related phishing.
Now more than ever it is clear that phish testing your users is crucial. I recently read an article in CIO Dive that made that even more clear. Here’s the excerpt that stood out:
“[T]he Mars team ‘debated the living daylights out of this topic,’ said Stanley, ultimately landing on a slight delay in routine exercises.
Typically, Mars launches anti-phishing exercises every six weeks; instead, the company waited 10 weeks before deploying an exercise to employees.
The result? ‘We did see an increase in vulnerability. We did see issues and we expected it,’ said Stanley.”
Mars put off phish testing their users. And even though their delay was only four weeks past their normal pattern, they saw that their people were more susceptible to attack. At a time when phishing trends are exponentially increasing, you can’t afford to let your employees lose ground. Training your users is like any other type of training in life: at all times you are either building strength or allowing atrophy.
So how do you do it? You can phish test your users without making them feel confused or alienated. It all comes down to your tone and your process. Getting the right tone is a key factor in helping people not feel tricked, targeted, or embarrassed. Your tone, combined with your process, forms the totality of how you engage your users in your messaging, training, and follow-up.
Want some practical advice and tools to achieve the right tone and process? Have a look back at my blog from March 31. And, if you have any questions or want specific advice on how to best engage your users or gain executive buy-in for phishing testing, please contact me. I’m always happy to help.
Now let’s get ready to test in 3… 2… 1…