24
My company's new 'mandatory' security training felt like a total waste of time
Last month, our IT department rolled out a required 30-minute video course on spotting phishing emails. It was the same old stuff: check the sender, look for bad grammar, don't click weird links. I've been doing this job for years and felt it was just a box-ticking exercise. But then, a guy in shipping who took the same training flagged a real invoice scam email that looked legit, saving the company a few thousand bucks. So now I'm split. On one side, it seems like basic common sense that doesn't need a formal course. On the other, that one catch proved it can actually work for some people. Is mandatory, generic training the best way to go, or should companies focus more on targeted, hands-on drills for different teams?
3 comments
samjohnson · 1mo ago · Top Commenter
Honestly, that shipping guy's story is the whole point. If it saves the company from one real scam, the whole boring video was worth it. I get why it feels like a box-ticking exercise, but most people just won't pay attention unless it's mandatory. @grace508's idea for real phishing tests is good in theory, but that just turns into another annoying task from IT. Sometimes the boring, basic stuff works because it has to reach everyone, not just the people who already get it.
5
sean_hill9 · 1mo ago
Forget the boring video, just send fake phishing emails to test us. That's how you actually learn.
5