PROBLEM: Not everyone can always have a Phish Alert Button; Reporting phishing tests is sometimes used as a metric for an employee's "security score" and for pay evaluations, but it is not reliable if everyone can't always use it.
SOLUTION: Create a PAB email address that users can forward to. This allows anyone at any time to report a suspected phish.
For those who don't have PAB because they use alternate mail clients, or mix personal and work computers and/or web clients, mobile devices, etc, if they could forward to firstname.lastname@example.org to report messages, that would level the playing field.
KnowBe4 could detect the @domain.com and cross-reference that to an active user account for reporting purposes.
-this would not be optimal for those orgs who have multiple PAB instances, but if they've got that level of complexity, they're probably able to ensure everyone actually uses a system with a PAB anyway...
Companies could set up a PAB mailbox and share that as a "contact" so users could forward the message there... but I've not got any ideas on how to make that all jive for reporting purposes yet.
Please sign in to leave a comment.