Law Firm Sent Out Fake Christmas Vouchers. Staff Want To Ram Coal Up Leadership's Chimneys. - Above the Law

"While getting hacked by teenagers sitting in a Russian government warehouse presents an exotic threat, disgruntled employees are still a more likely threat. Good job pissing everyone off! Oh, and HR must be super excited to learn that no one will ever fill out an employee survey again because IT has conditioned them to auto-delete internal communications. Discretion is the better part of valor, folks. Not every potential threat should be the basis of a test."
"According to RollOnFriday, one firm decided to use the holiday season in a phishing test/disgruntled employee accelerator. Browne Jacobson, a UK-based law firm with over 800 lawyers, had the bright idea, the week before Christmas, to email employees promising a £100 Christmas voucher to anyone who filled out their employee feedback survey. Clicking the link revealed - surprise! - a cybersecurity training exercise. Merry Christmas! Your reward is humiliation!"
"There should be no guessing. Running "gotcha" tests just poisons the well. If the firm's position is "we will never offer you money via email," then say that! Blast that message every quarter. "All compensation and bonus announcements will be delivered in person or through [specific verified channel]. If you receive an email promising money, it's a scam." That's actually useful guidance and builds institutional trust."
Phishing attacks pose growing risks to law firms, potentially exposing client data and triggering costly consequences. Effective firm cybersecurity rests on two pillars: employee education and a culture of disciplined, security-conscious staff. Simulated phishing that mimics internal incentives can backfire by humiliating staff, eroding trust, and discouraging participation in legitimate communications. Tests that rely on deception can condition employees to delete internal messages and poison employee–HR relations. Clear, repeated policies about how compensation and official announcements are delivered, paired with targeted training and verified communication channels, build institutional trust and reduce risk.
Read at Above the Law