Testing Your Staff

I hated to do this but it was way too tempting!  I tested my staff by sending out an “educational” phishing scam.  It looked so real, I expected everyone to open it.  Well, to my surprise, only one or two clicked on it, and it wasn’t my technical staff.  Overall, not too bad!

Have you ever thought of testing your staff?  It’s really not a bad idea.  Here are some of the things you can do.  Keep in mind, this is for education, not write-ups!!

  1.  Generate a Phishing Scam – Tier3MD can help with this.
  2.  Have someone walk into your clinic and see how far they can get.
  3.  Have someone see how much ePHI they can see from inside your waiting room.
  4.  Test the person who answers the phone by asking questions that involve ePHI and see how they answer.
  5.  Do a spot check on the PCs and see if/where ePHI is being stored.

These are just a few harmless things you can do, and they can save you from a lot of grief down the road.  Educating your staff is a good thing.  I know they may feel foolish, but in the long run, you will all be better off.
