Best response to Phishing emails? Opinions?
So I'm trying to convey to upper management that the use of the Phish Alert button in Outlook is very important because it allows IT to be aware of incoming threats. The response I'm getting to initiating a Phish Alert training campaign (only a 10 min cartoon btw) to those who opened a phishing test message, or did nothing with it is,
"but we are working to change behavior, not get good at training, if our users delete non-related email automatically that would be our end game."
What's everyone opinion on that one?
Is it better for users to just delete and ignore phishing emails?
Or report them to IT using the Phish alert functionally, and Why?
Haven't really found a good article on KnowBe4's site explaining the importance of IT being aware of what's going on, vs just being left in the dark.
-
The metric that describes what you want to happen is "Mean time to Detect". If your security team (or IT team from the sound of it) doesn't know about the phishing message that has ransomware in it then it hasn't been detected.
The metric that we currently track in our organization is the "number of users who reported" because that number is honestly the most important. If they reported the email, they recognized it was phishing attempt and wanted to protect the organization incase another user didn't recognize it.
If a user reports a malicious email fast enough, more often than not we can just go and delete message across the organization before most people even see it.
Please sign in to leave a comment.
Comments
1 comment