18 décembre 2019
Ce document est lié à :
info:eu-repo/semantics/altIdentifier/doi/10.1371/journal.pone.0224216
info:eu-repo/semantics/OpenAccess
Aurélien Baillon et al., « Informing, simulating experience, or both : A field experiment on phishing risks », HAL-SHS : droit et gestion, ID : 10.1371/journal.pone.0224216
Cybersecurity cannot be ensured with mere technical solutions. Hackers often use fraudulent emails to simply ask people for their password to breach into organizations. This technique, called phishing, is a major threat for many organizations. A typical prevention measure is to inform employees but is there a better way to reduce phishing risks? Experience and feedback have often been claimed to be effective in helping people make better decisions. In a large field experiment involving more than 10,000 employees of a Dutch ministry, we tested the effect of information provision, simulated experience, and their combination to reduce the risks of falling into a phishing attack. Both approaches substantially reduced the proportion of employees giving away their password. Combining both interventions did not have a larger impact.