It's not about preventing the phishing, it's about preventing the liability from... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		immibis 4 months ago \| parent \| context \| favorite \| on: Cybersecurity training programs don't prevent phis... It's not about preventing the phishing, it's about preventing the liability from the phishing. If someone can show you didn't follow cybersecurity training best practices, you may be liable for any failure of cybersecurity. Best way to prevent that is to follow the best practices, even if they don't work. A lot of things in the corporate world work this way.

Duanemclemore 4 months ago | [–]

This was my comment as well. It doesn't mean they're -necessarily- going to throw the employee under the bus. But it does get them off the hook.

fooey 4 months ago | [–]

yep, it's all CYA checkbox busywork to send to insurance when something happens

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact