Testing Assumptions About Security Awareness

Advisor
Posted December 6, 2011 in Cutter Business Technology Journal

It's clear that our once-a-year, work-your-way-through-a-slide-set approach to computer security training doesn't work. Even with this training, people still write down their passwords, click on links in emails from untrusted sources, and download free software of unknown provenance. For example, last year, 10,000 New York State employees were sent a phishing email to test their ability to recognize suspicious email and links. Three-quarters of the recipients opened the email, and 17% clicked on the embedded link.