Phish testing: What to do about so-called “repeat offenders”

Are phishing simulations pentesting for humans, or are they training? What’s more effective with those folks who can’t stop themselves from clicking on everything: “name and shame” or a private, personal coaching session? We’ve seen it all: organizations that have terminated internet access (or even employees) and employers that take an educational approach to phishing. What’s your opinion? How do you deal with phishing repeat offenders? Does the term “repeat offender” offend you? Or are you frustrated that your employer hasn’t fired more people for clicking, even after numerous training sessions?

This episode of the Cyber Work podcast is a rebroadcast of a Spiceworks webinar featuring Tory Dombrowski, an IT director known as “the diabolical one” for his phish testing schemes, and Lisa Plaggemier, chief evangelist for Infosec. In this podcast, they discuss:

  • Is it ever a good idea to terminate habitual clickers?
  • How to protect your org from click-happy employees
  • Training techniques and escalation methods

Additional Resources

– Join us in the fight against cybercrime: https://www.infosecinstitute.com
– Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast
– Check out our Spiceworks page: https://community.spiceworks.com/pages/infosec

About the Cyber Work Podcast

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.


*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Maeve Ryan. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/WaQAtU-vAKE/