Hackers abuse the topicality of the coronavirus for their phishing emails. Do you have to do that as a business during your phishing exercise? This question has been asked a lot the last few days.

Supporters and opponents

The proponents claim that if hackers do it, so should you as a company. Only by sending realistic phishing emails can you prepare your employees properly. But is that really the case? Is it because hackers do it, that you have to do it too? Is that the best way to train your employees and make them aware to better protect your company?

The opponents don’t think it’s a good idea and think it’s unethical. Their reasoning is that if employees start ignoring coronavirus emails (for fear it’s a phishing test email), they might miss out on critical information. After all, it could be a legitimate message from HR or an official body to help you.

No correct answer

There is no right answer: it depends on company to company. Companies, where sufficient trust has already been built up between the IT (security) department and the employees, have a head start to use similar templates. It can also be easier if phishing tests have been done before. The users then realize that this is an exercise that benefits everyone.

Definitely not done

What you should definitely not do now is postpone or interrupt your security awareness program. The consequences of the measures taken by the government (campaign #blijfinuwkot) make all your employees – who are now teleworkers – and therefore your IT company network more vulnerable than ever before. Hackers have no heart and are working overtime during this corona crisis, but as a company, you can miss a second crisis as a toothache.

Our advice

If you’re just starting phishing now, don’t use corona phishing templates. Start with something general. We can advise you on what’s interesting to start with and how to further intensify your campaign. When the corona crisis is over and we are living in less anxious times, you can of course work with the coronavirus templates.

Contact

Interested in planning a phishing awareness session or a phishing test? Or would you like to know how you can maximize the overall security awareness for your company? Please contact us using the form below. We will be happy to answer all your questions!

*You can also count on us during the corona crisis. Take care of yourself!*