The study was run at a hospital, and they said that most people didn’t even bother reading the training, they just opened/closed it to get it off their calendar. They didn’t say how the training was implemented with regards to downtime, but considering how most hospitals are run, I expect that it’s management’s fault that nobody actually spent any time on the training.
My office gives everyone downtime specifically for getting training done. They also implemented a phishing test email they sent out on occasion. After the first one got me, you can damn well bet I paid more attention whenever anything else phishy showed up in my inbox.
Yeah, we get like 4-5 virtual trainings once a year. Most people just click through them as quickly as possible because they have other work to get done and it’s the same shit as last year.
Isn’t the mandatory training more about shifting blame onto the employee? I thought it was to remove liability for the company so they can say “hey, they fell for it, and we trained them so we did our part.”
Exactly.
Eh, no. Companies don’t give a shit about who’s to blame when everything is encrypted and they’re being blackmailed. And afterwards they mostly care about preventing this from happening again, which is why you have these trainings.
Courts might. I thought it was a liability thing when your customers are trying to sue you for gross negligence in the data loss.
Maybe it is, and I know capitalism isn’t big on forethought, but wouldn’t it be better to not do a negligence in the first place?
Though I guess capitalism is kinda like electricity in that way; it’s not about the best path, it’s about the most convenient path.