Not clicking but not reporting… why reporting suspicious emails is just as important as not clicking phishing emails.
Have you noticed that each month your campaign emails that are sent, clicked and reported don’t quite add up? Do you have a portion of learners who aren't exactly doing the wrong thing by clicking onto phishing emails but also aren't doing the right thing by reporting emails?
This could mean that learners are ignoring, deleting, forwarding or managing these emails in another way. While you may think, at least they aren't clicking onto links or submitting their credentials, this behaviour could be more harmful than you realise.
Reporting emails that may be suspected to be malicious is key to ensuring protection at an individual level but also organisational. A phishing email reported by one learner can be actioned and cleared from all inboxes who have received the same email. When suspicious emails are not managed via the correct process this leaves open opportunity for risk. This is why it's important to monitor and report on reported emails like you do click through rate.
You wouldn’t just walk past a water spill on the ground hoping that the next person will clean it up. When you notice something hazardous it’s important to take actions to protect yourself and your organisation. Don't delete it. Don't ignore it. Report it.
Tips for driving increased reported emails:
- Communications reminder about the Phish Reporter add-in and how to use this.
- Share our "Don't delete it. Don't ignore it. Report it." poster.
- Review the Phish Reporter Report and use this as a key metric for success in reporting, alongside Click Through Rate.
- Phish Focus – reported emails can be cleared from your entire organisation with Phish Clear. Turn your reported emails into learning opportunities with Phish Phlipper.
Comments
Please sign in to leave a comment.