We have phishing tests all the time on my work email. If you fail it, you have to take an online course. If you fail it twice, it's escalated higher. I believe if you fail 3, your internet privileges are revoked.
Everyone at my company has to take a quarterly IT security test. It’s 10-20 multiple choice questions. You keep taking it until you get 100%. It’s security theater. First, the questions are extremely stupid.
For example, “if you lose your computer, what should you do?”
1) immediately tell your supervisor
2) wait until your supervisor asks why you’re not responding to emails
It’s absurd.
Second, you can just guess all of the answers until you get to 100%. If it’s a 10 question test, nine of them will be obvious. One will be worded weird. Just keep guessing that one until you get it right.
It’s asinine.