Central Technology Solutions Blog

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks that you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

You Need to Protect Your Business

The business is a remarkable thing, but it needs help to function optimally. If you have ten employees and two of them consistently underperform, you could make the case that if you put two higher performers in those spots, the business could be even better. The same goes for its risk management. If you have a couple of people who are continuously doing irresponsible and risky things, filling those spots with people who don’t create as much risk would likely reduce your organizational exposure to risk.

A small business owner has a difficult job. Not only do they need to fill their team with people who can do the job, but part of that job has to be protecting the company against a potential data breach. If you have a couple of employees who don’t understand that this is part of their employment contract, and they don’t do what they need to do to become trained and ready to confront these risky situations, there is virtually nothing that can be done about it other than to replace those people. After all, for a small business, a data breach could be the end game.

What Is the Purpose of a Phishing Test?

Phishing is the act of sending a fake email, message, or text that entices the end user to take action. When users click on the links and download the attachments in these phishing messages, hackers gain access to a company’s network and, from there, can wreak all types of havoc. As a result, businesses have started offering aggressive phishing training, and have seen proven results. With the thousands of data breaches that have happened over the past decade, and the dire consequences these breaches have exacted on many of the businesses affected, you can understand why.

1.2 percent of all global email can be labeled suspicious, but worldwide, that adds up to about 3.4 million phishing emails sent every day. That says nothing of the massive number of users who are exposed to phishing over social media or through messaging programs. These attacks don’t take a lot of work to produce, so they are sent out en masse, and most are foiled, deleted, or ignored altogether. The problem is that it only takes one. One email can cripple a city’s municipal infrastructure, ground airplanes, and ruin your business.

Since phishing attacks are so common, it stands to reason that continuous training is a good idea, and most people get it. Most people will go through their whole lives without clicking on hyperlinks they don’t know or downloading attachments from emails sent by strangers. For some reason, however, there are people who just don’t get it, and in their attempts to do their job well, they ignore the signs that they are being phished. They just cannot get through these messages unscathed. Since phishing tests are designed to evaluate abilities, not competencies, firing employees who fail phishing tests may not be the best idea for your business’ reputation as an employer, but it has to remain an option.

What Companies Do

As you might expect, there are companies that demonstrate a very low tolerance for failed phishing tests. Most of the most stringent happen to operate in financial services and healthcare, two of the most regulated industries. Any data breach in these industries comes with a lot of additional hand-wringing and very well could have lasting and unfortunate effects on their clients’ (and therefore the company’s) wellbeing. Of course, initially falling for test phishing emails would (and should) result in reprimand, but if the failures continue, there isn’t much left to be done other than to move on from that employee.

Unfortunately for these companies, what they fail to realize is that these kinds of behaviors may do nothing to improve their organizational security. Sure, firing someone who has a hard time recognizing a phishing email means he/she can’t expose the company, but who is to say that the person you bring in to fill that person’s position will be able to recognize these types of attacks any better? 

As stated above, most employees will not fall for phishing attacks. Most will excel at awareness training and will effectively protect your business. It is important that management takes the initiative to test employees. You will want to keep your staff well informed and trained on the latest cyberthreats, whether they be a form of phishing or not.

If you need help putting together a training platform that will both keep morale from plummeting and keep intruders out of your network, call the experts at Central Technology Solutions today at 1-844-237-4300.

Sunday, July 05 2020