Central Technology Solutions Blog

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

You Need to Protect Your Business

The business is a remarkable thing, but it needs help to function optimally. If you have ten employees and two of them consistently underperform, you could make the case that if you put two higher performers in those spots, the business could be even better. The same goes for its risk management. If you have a couple of people who are continuously doing irresponsible and risky things, filling those spots with people who don’t create as much risk would likely reduce your organizational exposure to risk.

A small business owner has a difficult job. Not only do they need to fill their team with people who can do the job, but part of that job has to be doing things to protect the company against a potential data breach. If you have a couple of employees who don't understand that this is part of their employment contract, and they don’t do what they need to do to become trained and ready to confront these risky situations, there is virtually nothing that can be done about it other than to replace those people. After all, for a small business, a data breach could be the end game.

What Is the Purpose of a Phishing Test?

Phishing is the act of sending a fake email, message, or text that entices the end user to take action. When the user clicks on the links and downloads attachments in these phishing messages, hackers gain access to a company’s network and, from there, can wreak all types of havoc. As a result, businesses have started offering aggressive phishing training, and have seen proven results. With the thousands of data breaches that have happened over the past decade, and the dire consequences these breaches have exacted on many of those businesses, you can understand why.

1.2 percent of all global email can be labeled suspicious, but worldwide, that adds up to about 3.4 million phishing emails sent every day. That says nothing of the massive number of users who are exposed to phishing over social media or through messaging programs. These attacks don’t take a lot of work to produce, so they are sent out en masse, and most are foiled, deleted, or ignored altogether. The problem is that it only takes one. One email can cripple a city’s municipal infrastructure, ground airplanes, and ruin your business.

Since phishing attacks are so common, it stands to reason that continuous training is a good idea, and most people get it. Most people will go through their whole lives without clicking on hyperlinks they don’t know or downloading attachments from emails sent by strangers. For some reason, however, there are people who just don’t get it, and in their attempts to do their job well, they ignore the signs that they are being phished. They just cannot get through these messages unscathed. Since phishing tests are designed to evaluate abilities, not competencies, firing employees who fail phishing tests may not be the best idea for your business’ reputation as an employer, but it has to remain an option.

What Companies Do

As you might expect, there are companies that demonstrate a very low tolerance for failed phishing tests. Most of the most stringent happen to work in financial services and healthcare, two of the most regulated industries. Any data breach in these industries comes with a lot of additional hand-wringing and very well could have lasting and unfortunate effects on their clients’ (and therefore the company’s) wellbeing. Of course, initially falling for test phishing emails would (and should) result in a reprimand, but if the failures continue, there isn’t much left to be done other than to move on from that employee.

Unfortunately for these companies, what they fail to realize is that these kinds of behaviors may do nothing to improve their organizational security. Sure, firing someone who has a hard time recognizing a phishing email means he/she can’t expose the company, but who is to say that the person you bring in to fill that person’s position will be able to recognize these types of attacks any better? 

As stated above, most employees will not fall for phishing attacks. Most will excel at awareness training and will effectively protect your business. It is important that management takes the initiative to test employees. You will want to keep your staff well informed and trained on the latest cyberthreats, whether they are a form of phishing or not.

If you need help putting together a training platform that will both keep morale from plummeting and keep intruders out of your network, call the experts at Central Technology Solutions today at 1-844-237-4300.
