Get Started Today!  (415) 295-4898

croom new

415 IT Blog

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

You Need to Protect Your Business

The business is a remarkable thing, but it needs help to function optimally. If you have ten employees and two of them consistently underperform, you could make the case that if you put two higher performers in those spots, the business could be even better. The same goes for its risk management. If you have a couple people who are continuously doing irresponsible and risky things, filling those spots with people who don’t create as much risk would likely reduce your organizational exposure to risk. 

A small business owner has a difficult job. Not only do they need to try and fill their team with people that can do the job, part of that job has to be doing things to protect the company against a potential data breach. If you have a couple of employees that don't understand that this is part of their employment contract, and they don’t do what they need to do to become trained and ready to confront these risky situations, there is virtually nothing that can be done about it other than to replace those people. After all, for a small business, a data breach could be the end game. 

What Is the Purpose of a Phishing Test?

Phishing is the act of sending a fake email, message, or text that entices the end user to take action. By the user clicking on the links and downloading attachments in these phishing messages, hackers gain access to a company’s network; and, from there, can wreak all types of havoc. As a result, businesses have started offering aggressive phishing training, and have seen proven results. With the thousands of data breaches that have happened over the past decade, and the dire consequences these breaches have exacted on many of them, you can understand why. 

1.2 percent of all global email can be labeled suspicious, but worldwide, that adds up to about 3.4 million phishing emails sent every day. That doesn’t say anything of the massive amount of users are exposed to phishing over social media, or through messaging programs. These attacks don’t take a lot of work to produce, so they are sent out en masse, and most are foiled, deleted, or ignored altogether. The problem is that it only takes one. One email can cripple a city’s municipal infrastructure, ground airplanes, and ruin your business.

Since phishing attacks are so common, it stands to reason that continuous training is a good idea; and, most people get it. Most people will go through their whole lives without clicking on hyperlinks they don’t know or downloading attachments from emails that are being sent from strangers. For some reason there are people that just don’t get it, however, and in their attempts to do their job well, they ignore the signs that they are being phished. They just cannot get through these messages unscathed. Since phishing tests are designed to evaluate abilities, not competencies, firing employees who fail phishing tests may not be the best idea for your business’ reputation as employers, but it has to remain an option.

What Companies Do

As you might expect, there are companies that demonstrate a very low tolerance for failed phishing tests. Most of the most stringent happen to work in financial services and healthcare, two of the most regulated industries. Any data breach in these industries come with a lot of additional hand wringing and very well could have lasting and unfortunate effects on their client’s (and therefore the company’s) wellbeing. Of course, initially falling for test phishing emails would (and should) result in reprimand, but if they continue, then isn’t much left to be done than to move on from that employee. 

Unfortunately for these companies, what they fail to realize is that these kinds of behaviors may do nothing to improve their organizational security. Sure, firing someone who has a hard time recognizing a phishing email means he/she can’t expose the company, but who is to say that the person you bring in to fill that person’s position will be able to recognize these types of attacks any better? 

As stated above, most employees will not fall for phishing attacks. Most will excel at awareness training and will effectively protect your business. It is important that management takes the initiative to test employees. You will want to keep their staff well informed and trained on the latest cyberthreats, whether they be a form of phishing or not. 

If you need help putting together a training platform that will both keep morale from plummeting and keep intruders out of your network, call the experts at 415 IT today at (415) 295-4898.

A BDR Can Limit Organizational Downtime
How to Properly Train Your Staff to Avoid Phishing...


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Monday, September 16 2019

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Technology Productivity Best Practices Business Computing Data Backup Hosted Solutions IT Support Network Security Data Cloud Privacy Data Recovery Software IT Services Outsourced IT Email Malware Internet Managed IT Services Tech Term Business Computer User Tips Innovation Hackers Windows 10 Small Business Business Management Cloud Computing Microsoft Ransomware Efficiency Collaboration Paperless Office Upgrade Phishing Mobile Devices Android Google Hardware Managed Service Provider VoIp Remote Monitoring Encryption Server Business Continuity Managed Service Smartphones Workplace Tips Managed IT Communication Communications Backup Artificial Intelligence Office 365 Vulnerability Managed IT services Passwords Wi-Fi Help Desk Save Money Document Management Quick Tips Data Management Healthcare Cybersecurity Browser Applications Saving Money Laptops Business Technology Holiday Internet of Things Scam Tip of the week Government Bandwidth Automation Microsoft Office Compliance Antivirus Blockchain BDR Smartphone Processor Employer-Employee Relationship Project Management Information Mobile Device Disaster Recovery Router VPN Analytics Windows 7 Vendor Management IT Management BYOD Avoiding Downtime Website Access Control Customer Relationship Management Windows Data Security Infrastructure Social Media RMM Two-factor Authentication Chrome Storage Monitoring Redundancy Maintenance HIPAA Bring Your Own Device Mobility Remote Monitoring and Management Financial Machine Learning Server Management Networking Operating System Professional Services Training Mobile Security Employees Unified Communications Recycling Downtime Assessment Files Virtual Private Network Users The Internet of Things Company Culture Network Management Gmail Network Risk Management Cooperation Consultation Word Remote Workers IoT Facebook Software as a Service Net Neutrality Regulations Patch Management Management Tablet File Sharing Internet Exlporer Data Loss Dark Web Alert Proactive Unified Threat Management Smart Technology Meetings Voice over Internet Protocol Projects Cache Servers Electronic Medical Records Computing Alerts Solid State Drives Geography PowerPoint Display Utility Computing OneNote Permission Travel Value of Managed Services Social Networking Technology Laws Remote Worker Virtual Reality Recovery Emergency Multi-Factor Security Authorization Teamwork Information Technology Identity Bluetooth Outlook Disaster Resistance Features Firewall Cybercrime Screen Reader Politics Return on Investment Remote Computing Comparison Licensing Options Modem High-Speed Internet Printer Tech Support Search How To Test Technology Tips OneDrive Managed Services G Suite Unified Threat Management Office Private Cloud Data Warehousing Flexibility Smart Tech Gadgets WPA3 Legislation Shared resources Going Green Mobile Shortcut Proactive IT Electronic Health Records Procurement Distributed Denial of Service Database Management Instant Messaging Settings Personal Information Websites Consulting Specifications 5G Development Virtual Assistant Bitcoin IT Technicians Cost Management Lenovo Employee-Employer Relationship Digital Payment Hotspot Manufacturing Vendor Motherboard Chromebook Bookmarks ROI Operations Connectivity Samsung Fleet Tracking Zero-Day Threat Virtualization Batteries IT Consulting Cyberattacks Social Managed IT Service GDPR Customer Service Transportation Active Directory Migration eWaste SaaS Managed Services Provider Mobile Device Management Black Friday Wireless Internet Cookies Cables SharePoint Money Wasting Time Current Events Superfish Wireless Mouse Language Password Vulnerabilities Mail Merge User Error Favorites Apps Asset Tracking Backup and Disaster Recovery CIO applications Remote Work Managing Stress Touchscreen Hacking Data Breach Read Only Security Cameras Break Fix Downloads MSP Finance Permissions Windows Server Chatbots Time Management Point of Sale Tech Terms Cyber Monday Staff Employer/Employee Relationships Nanotechnology Wires Microsoft Excel Database Miscellaneous Mirgation Hard Drive Heating/Cooling Computing Infrastructure Hard Disk Drives Mobile Computing Address WiFi Conferencing Notes Wearable Technology Star Wars Human Error File Management Spam Enterprise Content Management Trending Printing Augmented Reality Authentication Google Calendar Fraud User Management Identity Theft Enterprise Resource Planning Statistics Techology E-Commerce Theft Proactive Maintenance App Daniel Stevens Marketing Regulation Twitter Smart Devices Education Sensors CEO Printers Students

Latest Blog

Managed services offer businesses an improved means of obtaining and managing the technology they rely on. With data being so important to the modern business, much of this technology is devoted to storing, securing, and leveraging this data. Working with a managed service p...

Latest News

We are proud to announce that 415 IT and our CEO, Daniel Stevens, were recently featured by CIO Applications. We discussed how and why we serve our clients, as well as some sneak peeks for our future. Read our interview by visiting:  https:...