Overcoming human nature: habits to protect employees from phishing
Even with the best phishing training available, human beings are still fallible. Cybercriminals know it, which is why phishing attacks continue to proliferate. People still click on links in fraudulent emails and still give scammers access to log-in credentials, company information, or even money.
- 25% of employees are quick to click on phishing email links
- 50% of those who click will submit information in web forms
People are only human
We’re used to technology doing what it’s told to do. You give it all the right information, and it takes all the right actions from that point onward. Unfortunately, people – your employees – are not always as dependable. Here’s why.
- People can forget or misremember what you’ve told them.
- They can miss updates and overlook changes to policy.
- They may not have been paying attention during cyber security training (and most of us usually only retain around 30% of what we hear the first time around).
- People can make assumptions and mistakes, or think they know more than they really do.
- Training gaps are created as new employees join the team, or others switch to different roles with different responsibilities.
- People can be distracted, careless, or even outright negligent.
- They may use unsecured devices or public networks for company email when they’re offsite.
Even with the most diligent of teams, you still have one major problem: most people are naturally trusting. That’s why social engineering scams have proved so successful over the years. Meanwhile, cyber criminals are getting smarter and better equipped, and growing in number, which is why it’s necessary to develop habits to protect employees from phishing.
Embedding skills and behaviors requires repeated practice
When we learn new skills or take on new requests, unless we put them to immediate and repeated use, they tend to fade into the background. Even the best musician or athlete will see their performance decline without regular practice.
“I hear and I forget. I see and I remember. I do and I understand.”
Confucius
Building innate habits to protect employees from phishing takes repetition. This is why it’s essential to run regular phishing awareness campaigns using Libraesva PhishBrain. This repeated practice helps employees to embed phishing awareness into their everyday approach to handling emails. It also measures the level of risk in your business, showing you where and how to take remedial action, such as retraining for groups or individuals, and ‘post-incident’ training (as you would in a real-world scenario). You can even encourage friendly inter-departmental competition to motivate improvements in performance.
Most important of all, it’s key to practicing and maintaining good behaviors, helping them to become second nature – one that overrides human nature.
Is your business building the habits to protect employees from phishing?