What do you do when an otherwise well-performing employee routinely fails your cybersecurity awareness tests? In everything else, the person is a great employee, but when it comes to simulated phishing attacks, he or she is clueless. You’ve been training your staff in cyber threat awareness, and everybody else is getting it. Do you replace this employee?
Your business needs to function optimally. If you have ten employees and two of them consistently underperform, you will probably want to fire them and if put two higher performers in those spots. Similarly, if you have employees who keep doing irresponsible and risky things, replacing them with people who are more aware of cyberthreats would reduce your risk exposure.
Small business owners need a team of people that can do their job while protecting the company against a potential data breach. If you have employees who don’t make it a priority to be trained and aware of security threats, you have to replace them. A security breach could easily put you out of business.
Phishing is sending a fraudulent email, message, or text that tricks the user into giving information or clicking a link. These links download attachments which give hackers access to a company’s network. As phishing has gotten more sophisticated, businesses have begun offering aggressive phishing training. This is proving to be effective, and we strongly recommend it.
1.2 percent of all emails can be labeled suspicious. Worldwide, that adds up to about 3.4 million phishing emails per day. That doesn’t include phishing attempts over social media, or through messaging programs. These attacks are sent out en masse, and most are detected or ignored. Unfortunately, it only takes one email to cripple a city’s municipal infrastructure, ground airplanes, or ruin your business.
Since phishing attacks are epidemic, continuous training is vital. Most people understand this, and will never click on hyperlinks they don’t know or download attachments from emails from unknown parties.
However, some people just don’t notice the signs that they are being phished. You may have an employee who is highly competent but just can’t pass a phishing test. You don’t want to fire someone like that, and it’s bad for morale and your reputation, but it has to remain an option. Security breaches are just too dangerous to ignore the danger.
Some companies have a very low tolerance for failed phishing tests, especially financial services and healthcare. Any data breach in these two highly regulated industries could have lasting and unfortunate effects on their client’s wellbeing and could lead to colossal lawsuits.
Of course, initially falling for test phishing emails should result in a warning, but if they continue, companies will often terminate.
The problem is that firing an employee who has a hard time recognizing a phishing email may do nothing to improve a company’s security. Sure, it protects the company from that employee’s errors, but the new hire who fills that position will need training and may be just as bad.
Of course, most employees will excel in awareness training and will learn to protect your business. Management needs to prioritize training and testing employees. Make sure your staff stays current on all the latest cyber threats, and offer paid training for employees who don’t excel right away. Hold them accountable, but provide support.
Need help putting together a training platform that will protect your network and morale at your company? Call the experts at Quikteks today at (973) 882-4644.