Somewhiteguy

People get mad when they feel like they weren’t ready for training, but to your point, that’s why we train. To make you more aware when the real thing comes. Check all of your links. Verify it’s real before just clicking through.

The issue has come from some companies threatening jobs when people don’t perform properly. I would love it if people saw this as just training and not a personal attack. You fell for the trick now how do you not get tricked next time? It might help if we did a quarterly report and put it on the intranet for people to see how many got clicked. Don’t make it a Wall-of-Shame, but a report to see how good things have been going. Put out sample emails that were the trickiest and what were the tells. Make Security a thing that is a growth aspect, not a shaming tactic.

Oh man. This is brilliant for phishing training. Get through some armor. Don’t let your biases get in the way. You can do a variation around this theme. One could be similar to above. Another is one that says you can opt-into this kind of thing by “Managing Preferences”. You’ll hit a large swath of people without them paying too much attention. I like this.

You see, I’m the guy who gives his opinion in those. The trick is to be actionable. Don’t complain about things you can’t give direct advice on how to correct. Be kind in how you communicate and give the benefit of the doubt in all of the language.

Don’t: Your management style is shit

Do: It is difficult to complete my work with the lack of understanding on the business direction. I would like this communication to come from my direct manager.

“Secret” just like those emails I get from HR asking my opinions about management that are completely anonymous, but don’t forward this email or share the link with anyone else because it’s just for me…