Why Mock Phishing Might Catch You More Grief Than Good With Your Employees

Technology has seeped into all areas of our lives — remote work environments, cell phones, appliances, doorbells, even some thermostats have wireless connectivity. This makes the sheer number of devices a single person manages on a daily basis a little overwhelming. And, with so many devices to monitor, it’s easy to get a little lax on security.

And, if you thought you’d heard the last from the Nigerian Prince trying to separate you from your banking account, don’t let your guard down, he’s still out there.

Both of these issues are BIG concerns for employers as employees are becoming the bigger risk to their company’s private information. So much so, many companies are partnering with their IT providers to launch mock-phishing tests to examine their risk factor.

With a mock-phishing test, employers deploy emails, text messages, and phone calls — or a combination of methods — to employees to see how many will click, reply, or respond to the seemingly legitimate inquiries from the company.

Actual phishing schemes, where malicious hackers do the same — contact you via email, text, or even phone — and pose as a reliable source trying to get you to share your information, are still happening every day.

In fact, the first quarter of 2018 saw a dramatic increase in cyberattacks. While phishing schemes represent a relatively low percentage of the overall attacks, they can be the most damaging. Their methods seem so real to a victim, and they are often successful in gaining access to information and can completely compromise a network if not resolved immediately.

But just because the risk is out there, many companies wonder if conducting a mock test is actually effective in preventing an attack. We’ve weighed a few of the pros and cons:

Pros

1. The obvious: Mock-phishing tests (if well planned) can help expose areas within your work environment that may be failing such as employee email practices, remote work environments, or even interfaces on your office’s copy machines devices.
2. If you have employees who have never experience a phishing attempt, a mock attempt is a risk-free way to demonstrate an attack and reveal how your teams will respond.
3. A mock-phishing test will get your employees talking about phishing schemes for sure and hopefully keep it top of mind when and if an actual attempt were to happen.

Which leads us to the cons…

Cons

1. Mock tests can actually disrupt the normal flow of work in your office. If they know they are going to be tested, your employees might hesitate and agonize over the simple task of opening and responding to email or phone inquiries from actual customers and slow down business.
2. When and if you test, your IT Help Desk could be flooded with calls from panicked employees and be a distraction from an actual security issue.
3. Some employees may not respond well to being “tested” and resent you for not trusting them.

There really is no right or wrong. Mock tests can be great tools for identifying areas that need improvement, or they can be a total waste of time. It’s up to you. 

Regardless, don’t wait to be compromised. Start preparing today with employee training, regular network monitoring to prevent attacks to begin with, and frequent backups of your information. That way, if the unthinkable does happen, you can bounce back quickly.

Whether or not you want to go phishing, every company should know if their network is secure or not. We can help. Contact us for a free network assessment.