this post was submitted on 19 Aug 2024
192 points (99.5% liked)

Cybersecurity - Memes

1975 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

We found out that 10% of our users entered their password.

you are viewing a single comment's thread
view the rest of the comments
[–] JoeyJoeJoeJr@lemmy.ml 2 points 3 months ago

If someone is consistently falling for phishing emails (real, or from the IT department), shouldn't that person eventually be fired? Isn't that a punishment?

If there is neither a punishment nor a reward, what is the incentive to learn? Some people may not need one. Many others do.

I agree that a single failure resulting in the loss of significant income might be harsh, but I think there needs to be a way to convince people to take the issue seriously, and a punishment of some kind is therefore always warranted (e.g. eventual firing).

You can balance out the issue by creating a reward system as well, e.g. if you report all of the test emails sent to you in a year (i.e. not just ignore them), your bonus is increased by X% or something. Similarly, if you report an actual phishing email, your bonus is increased by some percent, even if you initially fell for it. I think it is possible to foster a consciousness and honest culture, with a system that includes punishments.