Cybersecurity is important, but efforts to test employees on their tech detective skills can do more harm than good. For instance, imagine how employees might feel if an email offers them a cash bonus for good work and, when they click on the link, they discover it’s a phishing test and they’re rewarded with extra cybersecurity training instead.
While phishing tests are common and necessary, using questionable tactics can hurt worker trust, morale, and engagement. To test cybersecurity without hurting employee relations, experts suggest three tips:
- Test teams, not individuals. The phishing test should focus on teamwork and the need to work together to protect security.
- Don’t embarrass or shame anyone. Instead, create a culture of learning and information sharing. Use tests as an opportunity to recognize good cybersecurity practices instead of punishing individuals who make mistakes.
- Gamify and reward. Use team-based competitions to create positive cybersecurity cultures.