Swati Khandelwal writes in "Phishing Your Employees: Clever way to promote Cyber Awareness" that:
A massive 91% of successful data breaches at companies started with a social engineering and spear-phishing attack. A phishing attack usually involves an e-mail that manipulates a victim to click on a malicious link that could then expose the victim’s computer to a malicious payload.
…
Phish your Employees!
Yes, you heard me right… by this I mean that you should run a mock phishing campaign in your organization and find out which employees would easily fall victim to the phishing emails. Then step everyone through Internet Security Awareness Training.
Great idea but we can do better than that!
Phish your job applicants!
You can rank your current applicants by their vulnerability to phishing and, in the long term, develop a phishing scale for all applicants.
Those that fail, you don’t call for an interview, any more than you would install a doorway into your corporate offices without a door.
Has anyone proposed a phishing rating service? Like a credit rating but it rates how likely you are to be a victim of phishing?
PS: I know your CEO and his buddies will fail the same test, but the trick is to catch them before they become CEOs, etc.