So I'm trying to convey to upper management that the use of the Phish Alert button in Outlook is very important because it allows IT to be aware of incoming threats. The response I'm getting to initiating a Phish Alert training campaign (only a 10 min cartoon btw) to those who opened a phishing test message, or did nothing with it is,
"but we are working to change behavior, not get good at training, if our users delete non-related email automatically that would be our end game."
What's everyone opinion on that one?
Is it better for users to just delete and ignore phishing emails?
Or report them to IT using the Phish alert functionally, and Why?
Haven't really found a good article on KnowBe4's site explaining the importance of IT being aware of what's going on, vs just being left in the dark.