
Perhaps, but I'm also wary of these types of things, because I worry that people will feel embarrassed at being tricked, and will (maybe subconsciously) see the internal security team as the enemy, which is also a bad outcome.

I also worry that the emails might not represent real attack emails, and we end up training users to identify the test emails but not real attack emails.

(Not that I got any better solution)



Nothing is 100% secure. Having users fail to spot a phishing mail is very good training on general awareness, but no guarantee that they will not make mistakes under pressure.



