Sometimes security awareness training is ineffective. Sometimes it’s considered in poor taste.
For example, in a move that was criticized earlier this year, newspaper giant Tribune Publishing sent out a phishing simulation to staff. The “lure” was the promise of a bonus between $5,000 and $10,000. The email instructed employees to log in to “view your end of year bonuses.” And when they did, they received a notification of enrollment in a computer security training program. However, the awareness campaign raised eyebrows because Tribune Publishing had recently laid off and furloughed many employees.
Perry Toone, founder of email service firm TheXYZ, says a similarly disastrous experiment with…