Mon - Fri: 8:30am - 5pm24/7 Customer Support
Question? Let's TalkWe're here to help!

Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

Posted on: July 26, 2019
Should You Be Holding Your Staff Accountable for Failed Phishing Tests?

It can be a real head-scratcher when one of your otherwise well-performing employees routinely falls for the simulated phishing attacks you roll out as a part of your cybersecurity awareness strategy. For all intents and purposes, the person is a great employee, but when it comes to acting with caution, they fail. If you’ve made a point to prioritize your staff’s working knowledge of phishing attacks, do you replace this employee? We’ll take a look at it today.

You Need to Protect Your Business

The business is a remarkable thing, but it needs help to function optimally. If you have ten employees and two of them consistently underperform, you could make the case that if you put two higher performers in those spots, the business could be even better. The same goes for its risk management. If you have a couple people who are continuously doing irresponsible and risky things, filling those spots with people who don’t create as much risk would likely reduce your organizational exposure to risk.

A small business owner has a difficult job. Not only do they need to try and fill their team with people that can do the job, part of that job has to be doing things to protect the company against a potential data breach. If you have a couple of employees who don’t understand this is part of their job duties, and they don’t do what they need to do to become trained and ready to confront these risky situations, there is virtually nothing that can be done about it other than to replace those people. After all, for a small business, a data breach could be the end game.

What Is the Purpose of a Phishing Test?

Phishing is the act of sending a fake email, message, or text enticing the end user to take action. By the user clicking on the links and downloading attachments in these phishing messages, hackers gain access to a company’s network; and, from there, can wreak all types of havoc. As a result, businesses have started offering aggressive phishing training, and have seen proven results. With the thousands of data breaches that have happened over the past decade, and the dire consequences these breaches have exacted on many of them, you can understand why.

1.2 percent of all global email can be labeled suspicious, but worldwide, that adds up to about 3.4 million phishing emails sent every day. That doesn’t say anything of the massive amount of users are exposed to phishing over social media, or through messaging programs. These attacks don’t take a lot of work to produce, so they are sent out en masse, and most are foiled, deleted, or ignored altogether. The problem is it only takes one. One email can cripple a city’s municipal infrastructure, ground airplanes, and ruin your business.

Since phishing attacks are so common, it stands to reason that continuous training is a good idea; and, most people get it. Most people will go through their whole lives without clicking on hyperlinks they don’t know or downloading attachments from emails sent from strangers. For some reason there are people who just don’t get it, however, and in their attempts to do their job well, they ignore the signs they are being phished. They just cannot get through these messages unscathed. Since phishing tests are designed to evaluate abilities, not competencies, firing employees who fail phishing tests may not be the best idea for your business’ reputation as employers, but it has to remain an option.

What Companies Do

As you might expect, there are companies that demonstrate a very low tolerance for failed phishing tests. The majority of the most stringent happen to work in financial services and healthcare, two of the most regulated industries. Any data breach in these industries come with a lot of additional hand wringing and very well could have lasting and unfortunate effects on their client’s (and therefore the company’s) well-being. Of course, initially falling for test phishing emails would (and should) result in reprimand, but if they continue, there isn’t much left to be done than to move on from that employee.

Unfortunately for these companies, what they fail to realize is these kinds of behaviors may do nothing to improve their organizational security. Sure, firing someone who has a hard time recognizing a phishing email means he/she can’t expose the company, but who is to say the person you bring in to fill that person’s position will be able to recognize these types of attacks any better?

As stated above, most employees will not fall for phishing attacks. Most will excel at awareness training and will effectively protect your business. It is important management takes the initiative to test employees. You will want to keep their staff well informed and trained on the latest cyberthreats, whether they be a form of phishing or not.

If you need help putting together a training platform that will both keep morale from plummeting and keep intruders out of your network, call the experts at Bmore Technology today at 866-554-8488.

Learn More About Bmore Technology
Testimonials
See What People Are Saying:

We recently made the decision to switch IT companies and Bmore Technology offered everything we required. As with any large change, there was some apprehension involved. (more…)

More Testimonials
A Few of Our Partners
Latest News
Our Family Has Grown: Bmore Technology Acquires Carolina Phone & Data Services

Bmore Technology expands footprint in South Carolina BALTIMORE, MD – December 5, 2018 – Bmore Technology has announced the acquisition of Carolina Phone & Data Services (CPDS). (more…)