
415 IT Blog

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

You Need to Protect Your Business

The business is a remarkable thing, but it needs help to function optimally. If you have ten employees and two of them consistently underperform, you could make the case that if you put two higher performers in those spots, the business could be even better. The same goes for its risk management. If you have a couple of people who are continuously doing irresponsible and risky things, filling those spots with people who don’t create as much risk would likely reduce your organization’s exposure.

A small business owner has a difficult job. Not only do they need to fill their team with people who can do the job, but part of that job has to be protecting the company against a potential data breach. If you have a couple of employees who don’t understand that this is part of their employment contract, and they don’t do what they need to do to become trained and ready to confront these risky situations, there is virtually nothing that can be done about it other than to replace those people. After all, for a small business, a data breach could be the end game.

What Is the Purpose of a Phishing Test?

Phishing is the act of sending a fake email, message, or text that entices the end user to take action. When the user clicks on the links and downloads the attachments in these phishing messages, hackers gain access to a company’s network and, from there, can wreak all types of havoc. As a result, businesses have started offering aggressive phishing training, and have seen proven results. With the thousands of data breaches that have happened over the past decade, and the dire consequences these breaches have exacted on many businesses, you can understand why.

1.2 percent of all global email can be labeled suspicious, and worldwide, that adds up to about 3.4 million phishing emails sent every day. That says nothing of the massive number of users who are exposed to phishing over social media or through messaging programs. These attacks don’t take a lot of work to produce, so they are sent out en masse, and most are foiled, deleted, or ignored altogether. The problem is that it only takes one. One email can cripple a city’s municipal infrastructure, ground airplanes, and ruin your business.

Since phishing attacks are so common, it stands to reason that continuous training is a good idea, and most people get it. Most people will go through their whole lives without clicking on hyperlinks they don’t know or downloading attachments from emails sent by strangers. For some reason, however, there are people who just don’t get it, and in their attempts to do their job well, they ignore the signs that they are being phished. They just cannot get through these messages unscathed. Since phishing tests are designed to evaluate abilities, not competencies, firing employees who fail phishing tests may not be the best idea for your business’ reputation as an employer, but it has to remain an option.

What Companies Do

As you might expect, there are companies that demonstrate a very low tolerance for failed phishing tests. Most of the most stringent happen to work in financial services and healthcare, two of the most regulated industries. Any data breach in these industries comes with a lot of additional hand-wringing and very well could have lasting and unfortunate effects on their clients’ (and therefore the company’s) wellbeing. Of course, initially falling for test phishing emails would (and should) result in a reprimand, but if the failures continue, there isn’t much left to be done other than to move on from that employee.

Unfortunately for these companies, what they fail to realize is that these kinds of behaviors may do nothing to improve their organizational security. Sure, firing someone who has a hard time recognizing a phishing email means he/she can’t expose the company, but who is to say that the person you bring in to fill that person’s position will be able to recognize these types of attacks any better? 

As stated above, most employees will not fall for phishing attacks. Most will excel at awareness training and will effectively protect your business. It is important that management takes the initiative to test employees. You will want to keep your staff well informed and trained on the latest cyberthreats, whether they be a form of phishing or not.

If you need help putting together a training platform that will both keep morale from plummeting and keep intruders out of your network, call the experts at 415 IT today at (415) 295-4898.
