15
My company's security drill last month showed me why 'strong' passwords aren't enough
Our IT team ran a fake phishing test, and they sent an email that looked exactly like a Slack login page. I watched 8 people in my 12-person team click the link and type in their passwords without a second thought. The email used our real boss's name and mentioned a project we were all working on. It made me realize that telling people to make a complex password is pointless if they'll just give it away. Has anyone else seen a training exercise that actually changed how their team acts?
2 comments
wendys162d ago
Wow, that's so scary but totally believable. A friend at a different company told me their IT team did a similar fake phishing test, but they made it a contest with a small prize for anyone who reported the fake email instead of clicking. He said it completely changed the vibe, because now people are actually competing to be the one to spot the scam first. It turned a boring rule into a kind of game, which made everyone pay way more attention to the sender's email address and weird links. That kind of hands-on trick seems to stick in your brain way better than just another lecture about password strength.
4
michaelf512d ago
Honestly that "without a second thought" part is the real problem. The training has to make people stop and actually think.
2