An employee from a company has devised a unique strategy to protect himself from termination threats after failing three phishing tests. The company conducts frequent phishing tests, and failing three results in immediate dismissal, with no chance for appeal. Attempting to sidestep potential job loss, this employee has taken an unusual step: he reports every email from upper management as a phishing attempt.

The employee’s workplace has established an aggressive stance against cybersecurity risks. To maintain a strict compliance culture, the company sends out frequent simulated phishing emails that appear almost identical to legitimate correspondence. For example, if a real email comes from the address domain @homeoffice.com, the phishing email might come from a slightly altered address, like @horneoffice.com. This close resemblance requires employees to stay vigilant to avoid making costly mistakes.
In a bid to ensure he never fails a test again, the employee decided to classify every email from executives as a potential phishing attack, regardless of the sender’s identity. This tactic effectively eliminates any risk of misjudgment on his part, but it has come with significant drawbacks. Remarkably, he has not opened or clicked on an email from his CEO in over nine months. His approach emphasizes his commitment to compliance but raises questions about effective communication within the organization.
The employee’s actions demonstrate the lengths to which individuals will go to safeguard their jobs. By labeling important emails as phishing attempts, he believes he is protecting himself from the harsh repercussions of a false click. However, this method is not without consequences. He risks missing essential updates and directives from the company leaders, particularly as the organization navigates a rapidly changing business environment.
As he continues to tag emails from the C-suite as suspicious, the employee reflects on the implications of this behavior. He understands that by ignoring significant communications, he may inadvertently isolate himself from key discussions and decisions that could impact his role and career trajectory. Yet, the fear of losing his job overshadows the potential pitfalls of his method.
His situation highlights a broader issue about the balance between workplace security and effective communication. While phishing tests are essential for maintaining a secure work environment, an overly aggressive approach can lead to unintended consequences. Employees should not have to choose between compliance and staying informed about their organization’s operations.
One reader noted the absurdity of the situation, saying, “It’s crazy that he hasn’t seen an email from the CEO in nine months. That’s a huge risk for both him and the company.” Another commenter pointed out that this culture of fear could stifle employees’ engagement and communication. They said, “If employees are so scared of being fired, how can they do their jobs effectively?”
The GDPR aspect of this story raises concerns as well. The General Data Protection Regulation mandates strict guidelines on how personal data is shared and stored. In this case, the employee’s strategy may raise questions about whether the company is fostering an environment where employees can feel secure in their communications without worrying about severe consequences for mistakes. The employee might be adhering to his unique compliance plan, but it also suggests an unhealthy atmosphere where legitimate emails become suspect.
As these patterns continue, the employee faces a choice. Will he eventually reconsider his strategy and start engaging with executive emails again? Or will he remain in his self-imposed isolation, prioritizing job security over direct communication with leadership? For now, he is left weighing the risks and rewards of his approach.
More from Vinyl and Velvet:



Leave a Reply