The IT department at Hargreaves Industrial Solutions has marked six consecutive months without a single employee accidentally clicking on a phishing link, a milestone the company’s Chief Information Officer described as being comparable to the sustained effort required to build the Channel Tunnel.
The achievement, which follows a sustained period during which staff routinely provided their passwords to entities claiming to be the Inland Revenue, PayPal, and on one occasion a Nigerian prince seeking investment opportunities, has been commemorated with a small buffet in Meeting Room 3B.
Paul Henderson, Head of IT Security, noted that the department had sent out 47 test phishing emails during the six-month period, including one offering staff the chance to claim a £500 Tesco voucher in exchange for their login credentials. Nobody bit.
“We are cautiously optimistic that our training programme is finally bearing fruit,” Henderson said, whilst refusing to discuss the fifteen-month period between April 2023 and July 2024, which he characterised only as “a difficult time for everyone involved.”
The company has spent approximately £180,000 on cybersecurity awareness training over the past three years. This includes monthly seminars, weekly reminder emails, desktop mousemats featuring common phishing red flags, and a video presented by a former actor from Holby City explaining why IT support would never ask for your password via email, even if the request came with a genuine-looking company logo and a sense of mild urgency.
Jennifer Cookson, a logistics coordinator who has worked at Hargreaves for nine years, admitted that the training had eventually made an impression. “I suppose after the third time you inadvertently compromise the entire company’s data infrastructure, you do start to read emails a bit more carefully,” she said.
The previous record stood at four consecutive months, achieved between November 2022 and February 2023, before someone in accounts opened an attachment claiming to contain their P60. The attachment did not contain a P60.
Henderson confirmed that the IT department would continue sending test phishing emails at irregular intervals, partly to maintain vigilance and partly because crafting increasingly elaborate fake correspondence had become something of a creative outlet for team members. Recent efforts have included a convincing replica of a LinkedIn premium trial offer and an email purporting to be from the company’s Managing Director, requesting that someone urgently purchase £3,000 worth of iTunes gift cards.
The buffet included sandwiches from Pret, some crisps, and a single bottle of Prosecco that remained largely untouched. Henderson said the celebration would be brief as the IT department needed to return to monitoring approximately 340 employees who still, despite everything, insist on using “Password123” as their login credential.