Mr. Brian Honan:

It would. There are various different options available. Organisations can purchase different products and use them to send simulated phishing emails to their staff. If people click on the link or attachment, it reports back to the person who ran the test to say, for example, that 10% of the user base fell for this, and the organisation will need to target them with more training. Organisations need to be very careful how they run those programmes. They do not want to be seen to be targeting certain individuals or people might think they are being harassed. Organisations also need to be careful with the lures they use. I have heard of companies using emails with attachment titles like “Job Cuts”, “Next Year's Bonuses” or “Free Covid Vaccines” when vaccines were short during Covid, which means everybody is going to click on that. It should not be a competition to catch somebody out. It should be an educational tool.

From a corporate point of view, and stepping into my role as CEO of BH Consulting, we test security for our clients. We try to hack into their systems, similar to the way criminals would do. Both physically and virtually, we have broken into client environments to try to identify weaknesses and improve them.