We have several group e-mail addresses where several users can access the e-mail account. We are trying to figure out, if someone using one of those accounts were to fail a phishing attempt, how to handle training. Since they log in with a general user account, we would have no idea how to identify who clicked on a link. Accounts range anywhere from 2 or 3 users to around 10. Any suggestions?
My first suggestion is to stop sharing accounts; this is a dangerous bad practice.
Provide each person with their own account and create distribution lists that would send the email to these individuals. You should be able to permit them to send as the distribution list if that is really needed.
The problem with shared accounts is you don’t know who is doing what. Auditing is impossible. This is why PCI prohibits this practice.
Thomas - unfortunately, that is not an option, nor am I able to change the minds of those in charge of that.
Do you have a KnowBe4 account?
- Jessica S.
Managed Services / Community Manager
Yes, we do have an account.