45-Minute Training Question is Wrong
Answered
We just had all of our staff take the 2016 Kevin Mitnick Security Awareness Training - 45 minute program as our annual security awareness training.
One of the questions in the training was something like "At work, you receive an email that contains an Excel document that you are not expecting, what do you do?" (I may have the wording slightly off) but the answer in the program is "That's right! Contact the sender to confirm that it's safe."
That seems like the absolutely wrong answer. If you contact the person who just sent you a phishing email, of course they are going to say it's safe! Shouldn't it be something more like "Contact your IT or information security department for help verifying the safety of the attachment" or maybe "Contact the sender using their publicly available contact information and NOT replying to the possibly malicious email".
Maybe others will have a different opinion on this though. Thanks!
Thank you for your input. We have forwarded your feedback to our Course Development team for review. In the meantime, please check out our newer versions of this course, 2017 Kevin Mitnick Security Awareness Training - 45min, and the newly-released, 2018 Kevin Mitnick Security Awareness Training - 45min.
I found an issue with one of the answers in a KnowBe4 quiz also. The quiz seems to rule out the answer that indicates Zoom calls as a possible way ransomware can be spread. For sure a meeting hosted by a bad actor can result in the spread of malware and is a social engineering method that this audience should be aware of. Please consider reviewing the material.
Thank you for taking the time to provide this feedback. I have provided this suggestion to our Courseware team for further review. In the meantime, please be sure to keep an eye out for our latest changes here: https://support.knowbe4.com/hc/en-us/articles/115009454228-Security-Awareness-Training-Platform-KMSAT-Change-Log .