'CPR' for our Security Awareness Prog.
We started seeing a upward trend on clickers %, less phish reports and training completion is lagging in the past 3 months. I can blame it on the exhaustion some users are experiencing of working from home, they're not paying attention, don't think it's critical or simply, don't put the effort.
This program is pretty significant and visible to our executives and our numbers don't give us good ratings in their eyes.
Are you going through similar situations, any suggestions I can try?
Click ratio is an highly inaccurate measure if you compare different scenarios. Two different scenarios sent at the same population at the same time can have up to 60% of difference in click ratio. So, in order to have a relevant metrics, I use a procedure I have described here: https://www.apalala.be/phishing-exercises-do-we-measure-them-right/
Still, I see sometime a trend going slightly upward at the end of this year. It is barely significant (statistically) and can be done to exhaustion or to a lack of training (optimal seems to be around 1 exercise per month). Habituation is hard to beat, so, I would recommend to change the landing page and insist on the necessity to report and also maybe communicate the results and the slight increase to your users. That might help. Otherwise, you need to understand what is happening, and you talk to your people is probably the best solution. Get a feeling of the situation.
Kirjaudu sisään jättääksesi kommentin.