by freedomben
825 days ago
You'll definitely encounter people talking about phishing your own users and enrolling people in automatic training. I used to love this approach, but after years of trying it I am actually against it. More often, it serves to embarrass and annoy your users, and it teaches them to be overly paranoid. If you are a bank or something and your people are holding the keys to funds, then maybe that is good. But for everybody else, the cost/benefit analysis comes with a lot of cost (in the form of trust and morale) for that benefit. The best way IMHO is to make a damn fun security awareness training. The best training I've done was basically running an "attack" against somebody and going through the whole process like an attacker would, but with the group as passengers and with explanations as I go. Seeing under the hood can be a lot of fun, and can be very enlightening.