Don't phish your employees because it does more harm than good:
https://www.seancassidy.me/phishing-simulations-considered-harmful.html

Why? A thread:
Phishing simulations are often not realistic because they rely on bypassing anti-phishing controls via allowlists or use insider information.
Phishing simulations put the onus on the employee not to be tricked, rather than on harm reduction like SSO+WebAuthn. Employees don't like being tricked and are busy trying to do their job.
We already know that phishing is effective! Showing it again at your company isn't useful to you or to anyone else. And giving employees phishing training over and over is not a reliable enough way to reduce risk.
What should you do instead?
1. General security awareness training
2. Make phishing emails easy to report
3. Harm reduction if employees do fall for phishes
4. Defang phishes for measurement
5. Avoid shaming victims
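Items 2 and 4 above fit together in practice: once employees report suspicious emails, a defender wants to pass the reported message around and count which lures are arriving without anyone accidentally clicking a live link. The script below is an added example, not part of the original thread or of Sean Cassidy's post. It defangs URLs and email addresses in a reported message (`hxxps://`, `[.]`), refangs them again for analysis, and tallies which hosts show up across several reports; all sample messages and hostnames are constructed for the example.

```python
import re
from collections import Counter

# Defanging convention assumed here: scheme http -> hxxp, dots in hosts -> [.]
SCHEME_DEFANG = {"http": "hxxp", "https": "hxxps", "ftp": "fxp"}

URL_RE = re.compile(r"\b(https?|ftp)://([^\s<>\"]+)", re.IGNORECASE)
EMAIL_RE = re.compile(r"\b([A-Za-z0-9._%+-]+)@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b")


def defang_host(host: str) -> str:
    """Replace every dot in a hostname so mail clients stop auto-linking it."""
    return host.replace(".", "[.]")


def _defang_url_match(m: re.Match) -> str:
    scheme = m.group(1).lower()
    # Only the host part gets defanged; the path is left readable.
    host, sep, path = m.group(2).partition("/")
    return f"{SCHEME_DEFANG[scheme]}://{defang_host(host)}{sep}{path}"


def defang_text(text: str) -> str:
    """Defang all URLs and email addresses in a reported phishing message."""
    text = URL_RE.sub(_defang_url_match, text)
    text = EMAIL_RE.sub(lambda m: f"{m.group(1)}@{defang_host(m.group(2))}", text)
    return text


def refang_text(text: str) -> str:
    """Reverse defang_text so an analyst can feed indicators to tooling."""
    for scheme, fake in SCHEME_DEFANG.items():
        text = text.replace(f"{fake}://", f"{scheme}://")
    return text.replace("[.]", ".")


def extract_hosts(text: str) -> set:
    """Return the defanged hosts of every URL in a (possibly defanged) report."""
    hosts = set()
    for m in URL_RE.finditer(refang_text(text)):
        host = m.group(2).partition("/")[0].lower()
        hosts.add(defang_host(host))
    return hosts


def tally_hosts(reports: list) -> Counter:
    """Count how many reported messages mention each URL host."""
    counts = Counter()
    for report in reports:
        counts.update(extract_hosts(report))
    return counts


# Constructed sample of a reported message (not a real phish).
SAMPLE = (
    "Please verify at https://login.example-bank.test/reset?u=1 or reply to "
    "helpdesk@example-bank.test. See also http://Cdn.Example.test/a.b.js"
)

if __name__ == "__main__":
    print(defang_text(SAMPLE))
    print(tally_hosts([SAMPLE, defang_text(SAMPLE), "nothing suspicious here"]))
```

Because `extract_hosts` refangs before matching, it counts reports consistently whether they arrive raw from an employee's report button or already defanged from an analyst's notes, which keeps the measurement (item 4) independent of who forwarded the message.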