undefined | Better HN

0 pointsjedberg6y ago0 comments

Definitely worth trying! Just want to help you set expectations. :)

0 comments

Did you try punitive disincentives?

A better approach is to turn it into a game: reward those who report suspected phishing emails, security breaches, tailgating into secure areas, USB devices left around, etc. and have red teams doing this stuff periodically. Punitive measures don't really work. Friendly competition with rewards does work, though.

johnwheeler6y ago

that's a good point :D

jedbergOP6y ago

In our case we were educating and protecting our customers. It's usually bad policy to carry out punitive punishment on your customers. :)

In fact, the worst offenders were actually rewarded. They were the only ones who had two factor auth for their eBay accounts. Back then we didn't have soft tokens -- the only way to do 2 factor was to get a physical RSA token, which cost about $10 at the time. So only the "best" customers were worth the cost.

rwmurrayVT6y ago

The company sends out fake phishing emails. The same people keep falling for it... I suppose the outlined punishments are not strictly enforced.

BenjaminN6y ago

Thanks!

j / k navigate · click thread line to collapse

0 comments

johnwheeler6y ago

Did you try punitive disincentives?

brobinson6y ago

johnwheeler6y ago

that's a good point :D

jedbergOP6y ago

In our case we were educating and protecting our customers. It's usually bad policy to carry out punitive punishment on your customers. :)

rwmurrayVT6y ago

The company sends out fake phishing emails. The same people keep falling for it... I suppose the outlined punishments are not strictly enforced.

BenjaminN6y ago

Thanks!

j / k navigate · click thread line to collapse