15

My company's security drill last month showed me why 'strong' passwords aren't enough

Our IT team ran a fake phishing test, and they sent an email that looked exactly like a Slack login page. I watched 8 people in my 12-person team click the link and type in their passwords without a second thought. The email used our real boss's name and mentioned a project we were all working on. It made me realize that telling people to make a complex password is pointless if they'll just give it away. Has anyone else seen a training exercise that actually changed how their team acts?
3 comments

wendys16 (1mo ago)
Wow, that's so scary but totally believable. A friend at a different company told me their IT team did a similar fake phishing test, but they made it a contest with a small prize for anyone who reported the fake email instead of clicking. He said it completely changed the vibe, because now people are actually competing to be the one to spot the scam first. It turned a boring rule into a kind of game, which made everyone pay way more attention to the sender's email address and weird links. That kind of hands-on trick seems to stick in your brain way better than just another lecture about password strength.
4
terry_lewis21 (1mo ago, Most Upvoted)
Turn a security drill into a game show with prizes, that's actually genius. My office just sends the scary "you failed" follow-up email that makes you feel like an idiot for a week. Bet people learn more trying to win a coffee card than from that shame.
6
michaelf51 (1mo ago)
Honestly that "without a second thought" part is the real problem. The training has to make people stop and actually think.
2