I see a ton of security awareness training. I give a ton of training. We teach that bad things happen when you click on links. “Here are examples of things you shouldn’t click on… So make sure not to click on them!”
And then people do.
If we accept that hackers are more like marketers, we start to understand that the odds of employees clicking on these links increases day-by-day. I’m sure a very good marketing hacker utilized CyberMonday to promote an incredible deal on ransomwear.
We scare employees into thinking they’ve failed when they click on a bad link.
And yet the one thing we really want them to do is tell us when they messed up.
Let’s end every security awareness training emphasizing that if you make a mistake — if you get caught in a marketing trap — you will be rewarded for raising your hand. It’s much better than quickly closing your browser, turning off your computer, and pretending it never happened.
More Career Posts
Zcash Enterprise Privacy: Business Applications Guide | Advanced Cryptocurrency Privacy Solutions
Comprehensive guide to Zcash enterprise privacy applications - leveraging advanced cryptocurrency privacy technology for...
3 Reasons to Always Take the Interview
Discover why you should always seize the chance to interview, regardless of hesitations. Gain insight, practice your ski...
Security Longreads for July 17, 2015
Explore the latest in security with insights on stolen fingerprints, the rising role of Chief Security Architects, and t...