Testing employees with fake emails designed to highlight the issue of phishing is unhelpful and can damage the relationship between companies and employees, which is crucial for security, says Professor Steven Murdoch (UCL Computer Science).
Read: New York Times