Presumably you were able to explain your case and have the reprimand expunged from your record. As long as they are reasonable in that way I don't think occasionally testing the people handling sensitive data is a bad idea.
Should it be expunged though? They've indicated they were aware it was quite clearly a phishing attempt, but they still accessed the link. If the test was to see if a user would try accessing the link, then this user failed the test. Why should that be expunged?
Curiosity shouldn't preclude security, and intent shouldn't preclude policy if the operator operated knowingly.
This isn't to attack maxk42, but to engage the question head on.
I was hoping implicit in this statement, along with other contexts offered, that this would have been read with "information security" in mind; on me to communicate that better next time.