Testing 1… 2… 3…

Let’s face it, very few organizations thought they’d still be in workforce limbo as we near the six-month mark of the pandemic. This situation has stretched many organizations to adopt new modes of work. Most of your employees are also stretched beyond anything they’ve ever prepared for. And the levels of distraction and stress are likely to get worse before they get better.

Early into the pandemic, many organizations put their phishing simulations on hold. They didn’t want to heap further stress or confusion on employees who were already stressed and confused. And, while those intentions were noble, I provided warning that cybercriminals would seize the opportunity and up their game. They did. And that trend continues, with multiple outlets reporting an over 6,000% increase in COVID-19 related phishing.

Now more than ever it is clear that phish testing your users is crucial. I recently read an article in CIO Dive that made that even more clear. Here’s the excerpt that stood out:

“[T]he Mars team ‘debated the living daylights out of this topic,’ said Stanley, ultimately landing on a slight delay in routine exercises.

Typically, Mars launches anti-phishing exercises every six weeks; instead, the company waited 10 weeks before deploying an exercise to employees.  

The result? ‘We did see an increase in vulnerability. We did see issues and we expected it,’ said Stanley.”

Mars put off phish testing their users. And even though their delay was only four weeks past their normal pattern, they saw that their people were more susceptible to attack. At a time when phishing trends are exponentially increasing, you can’t afford to let your employees lose ground. Training your users is like any other type of training in life: at all times you are either building strength or allowing atrophy.

So how do you do it? You can phish test your users without making them feel confused or alienated. It all comes down to your tone and your process. Getting the right tone is a key factor in helping people not feel tricked, targeted, or embarrassed. Your tone, combined with your process, forms the totality of how you engage your users in your messaging, training, and follow-up.

Want some practical advice and tools to achieve the right tone and process? Have a look back at my blog from March 31. And, if you have any questions or want specific advice on how to best engage your users or gain executive buy-in for phishing testing, please contact me. I’m always happy to help.

Now let’s get ready to test in 3… 2… 1...

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry


Topics: Phishing, COVID-19
