Email-based threats continue to pose serious risks to businesses, both large and small. Phishing scams and malicious attachments or links are responsible for serious issues, ranging from malware infections to major data loss or financial theft. It’s an ongoing problem that on the surface seems like it should have a very simple solution; if your employees would just stop clicking on shady links and attachments, you would have nothing to worry about.
Of course, anyone who has ever tried to explain cyber security to a group of employees knows that it’s easier said than done. Whether it’s a sense of overconfidence in their ability to spot threats, a belief that their spam filter is infallible, or plain old obliviousness, bad links and files continue to be opened.
If you’ve given training a shot and found that nothing has sunk in, it could be more about how the information is presented to your employees than an unwillingness to learn about cyber threats. A lot of the cyber security training materials available today either lean heavily on scare tactics to get their point across, or come off as cartoonish and boring. Either way, your team isn’t getting what they need to help improve your business’ cyber security.
There are other factors to consider before you put the blame entirely on your staff. The steady stream of new emails that flood your inboxes day in and day out inevitably have a numbing effect; you reach a point where you’re skimming more often than not, missing important details that would otherwise help you to spot a phishing attempt.
The way your business structures internal emails or shares files can add to the problem. If your organization has a habit of sending HTML-heavy messages on a regular basis with a lot of click-through links included, your team is less likely to find anything suspicious about a similarly structured email from an unfamiliar sender, or look closely enough at the content to spot a spoofed or phony sender address.
Businesses that use email attachments as their primary method of sharing documents between employees to edit or update train their staff to open attachments without hesitating, because they’re just going to assume it came from a coworker, client, or associate. This is one of the many reasons a cloud-based file sharing service that allows employees to collaborate on a single version of a file is a great solution for virtually any business.
Your business’ culture can have a major impact on email behavior as well. If your employees are unfamiliar with or wary of the higher-ups, they’re more likely to act on urgent requests without taking the time to follow up first. If the CEO sends an email asking for a wire transfer to be completed ASAP, a nervous employee concerned about upsetting their boss will jump straight into action.
At the end of the day, this is one security concern you can’t build or buy a solution to. The only way to stop your employees from clicking things they should not be clicking is to work with them to get everyone on the same page. Emphasize that cyber security needs to be a group effort, and most importantly, make sure each and every employee knows that no one – yourself included – will ever fault them for asking questions, or bringing concerns to your attention. It’s always better to be safe than sorry, especially where your business’ security is concerned.
Want to learn more about how you can make cyber security training more effective? Contact us at firstname.lastname@example.org or (415) 543 1033 right away. We’re the IT professionals businesses in San Francisco trust.
Search the Blog Archives.