Google: Sending Phishing Emails to Test Employees Has More Downsides Than Benefits

TapTechNews, May 24: Many enterprises test their employees' 'emergency response ability' by sending them phishing emails, but Google recently released a report claiming that this approach has more disadvantages than advantages and that its actual effect is poor.

In such tests, many companies create a batch of phishing emails and plant 'bombs' in the email links to monitor which employees click the links or download the attachments; those employees are then required to undergo 'intensive training'. But Matt Linton, Google's security manager, points out that this kind of test, which resembles a fire drill, has many negative impacts and only increases employees' distress and the workload of the information security department.

Matt Linton said there is currently no evidence that such tests help reduce the probability of an enterprise being attacked through phishing emails. TapTechNews learned from the report that, taking Google itself as an example, although a large number of phishing email tests have been carried out in recent years, many employees have still clicked on phishing emails sent by hackers.

From a technical perspective, in order to conduct phishing tests, enterprise IT administrators need to reduce system privileges and establish a 'leaky' whitelist for mass email. If these whitelists accidentally fall into the hands of real hackers, they increase the risk instead of reducing it.


Researchers also said that this kind of test greatly increases the workload of the information security department, because sending mass emails and recording user behavior takes up the time and operational bandwidth of the relevant company departments. In addition, employees may lose trust in the company's information security department because it is 'teasing' them, resulting in a 'cry wolf' situation, which is not conducive to the company's security in the long run.
