Central Technology Solutions Blog

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

You Need to Protect Your Business

The business is a remarkable thing, but it needs help to function optimally. If you have ten employees and two of them consistently underperform, you could make the case that if you put two higher performers in those spots, the business could be even better. The same goes for its risk management. If you have a couple of people who are continuously doing irresponsible and risky things, filling those spots with people who don’t create as much risk would likely reduce your organizational exposure to risk.

A small business owner has a difficult job. Not only do they need to fill their team with people who can do the job, but part of that job has to be protecting the company against a potential data breach. If you have a couple of employees who don’t understand that this is part of their employment contract, and they don’t do what they need to do to become trained and ready to confront these risky situations, there is virtually nothing that can be done about it other than to replace those people. After all, for a small business, a data breach could be the end game.

What Is the Purpose of a Phishing Test?

Phishing is the act of sending a fake email, message, or text that entices the end user to take action. When the user clicks on the links and downloads the attachments in these phishing messages, hackers gain access to a company’s network and, from there, can wreak all types of havoc. As a result, businesses have started offering aggressive phishing training, and have seen proven results. With the thousands of data breaches that have happened over the past decade, and the dire consequences these breaches have exacted on many of those businesses, you can understand why.

1.2 percent of all global email can be labeled suspicious, but worldwide, that adds up to about 3.4 million phishing emails sent every day. That says nothing of the massive number of users who are exposed to phishing over social media or through messaging programs. These attacks don’t take a lot of work to produce, so they are sent out en masse, and most are foiled, deleted, or ignored altogether. The problem is that it only takes one. One email can cripple a city’s municipal infrastructure, ground airplanes, and ruin your business.

Since phishing attacks are so common, it stands to reason that continuous training is a good idea, and most people get it. Most people will go through their whole lives without clicking on hyperlinks they don’t know or downloading attachments from emails sent by strangers. For some reason, however, there are people who just don’t get it, and in their attempts to do their job well, they ignore the signs that they are being phished. They just cannot get through these messages unscathed. Since phishing tests are designed to evaluate abilities, not competencies, firing employees who fail phishing tests may not be the best idea for your business’ reputation as an employer, but it has to remain an option.

What Companies Do

As you might expect, there are companies that demonstrate a very low tolerance for failed phishing tests. Most of the most stringent happen to work in financial services and healthcare, two of the most regulated industries. Any data breach in these industries comes with a lot of additional hand-wringing and very well could have lasting and unfortunate effects on their clients’ (and therefore the company’s) wellbeing. Of course, initially falling for test phishing emails would (and should) result in a reprimand, but if the failures continue, there isn’t much left to be done other than to move on from that employee.

Unfortunately for these companies, what they fail to realize is that these kinds of behaviors may do nothing to improve their organizational security. Sure, firing someone who has a hard time recognizing a phishing email means he/she can’t expose the company, but who is to say that the person you bring in to fill that person’s position will be able to recognize these types of attacks any better? 

As stated above, most employees will not fall for phishing attacks. Most will excel at awareness training and will effectively protect your business. It is important that management takes the initiative to test employees. You will want to keep your staff well informed and trained on the latest cyberthreats, whether they be a form of phishing or not.

If you need help putting together a training platform that will both keep morale from plummeting and keep intruders out of your network, call the experts at Central Technology Solutions today at 1-844-237-4300.
