NSN Management Blog
New Report Finds that A Third of Employees Will Fall for Phishing Scams
Hackers are a crafty bunch. They will use any and all means to infiltrate businesses, including some that are downright shameful. One of the most devastating ways that hackers make these attempts is through the use of phishing attacks, or attacks where they essentially trick users to click on links in emails or hand over confidential information.
A study performed by KnowBe4 found that one in three untrained employees were likely to fall for some type of phishing attack or social engineering tactic. The report analyzed businesses to assign what they call a “phish-prone percentage,” or PPP. The average number they found for employees likely to fall for phishing attacks, 31.4%, is actually a bit on the lower end of the spectrum, with some large organizations exceeding the 50% marker.
We suppose this makes sense—the more employees an organization hires, the more points of entry for anyone attempting phishing schemes. Still, this represents a massive threat to all companies. After all, it only takes one or two instances of security breaches to create considerable challenges for your business moving forward.
The key to keep in mind here is the word “untrained,” as in those who have not been trained on how to properly address cybersecurity issues. In those who have gone through a rigorous training process, the likelihood of them falling victim to phishing attacks fell dramatically. KnowBe4 conducted a 90-day training session for the same organizations and found that the number had reduced significantly with just this short amount of training to 16.4%. After one full year of training, the results were even more promising at 4.3%, with the highest rates being for organizations with more than 1,000 employees at 5.9%.
Compared to the previous numbers, we’ll take these results any day. It just goes to show that proper training can make a world of difference for employees, especially as it pertains to cybersecurity. After all, cybersecurity is a multifaceted field, and one needs knowledge of various best practices and a solid understanding of specific threats in order to avoid them. All that said, it is difficult to say that you can help your employees avoid becoming the target of phishing scams. More likely than not, they will encounter a phishing attack of some sort during their employment with your business. How they respond to it is going to be the determining factor for whether or not it becomes a problem for them and for your organization.
We recommend that all businesses take a two-pronged approach to cybersecurity. The first is to implement powerful cybersecurity measures that can keep threats from exposing themselves to your employees. Even the best solutions will not prevent all cybersecurity threats from making themselves known, but they will eliminate the vast majority of threats, reducing the opportunities for your employees to make mistakes with their response.
The second approach, as you may have already guessed, is to provide comprehensive security training for your employees. This is not a one-and-done thing that only happens when they are hired; rather, your security training should be a regular occurrence and one that builds an understanding of cybersecurity best practices and the consequences for not sticking to them. And above all else, it is crucial that you tell your employees that security issues must be brought to your attention immediately. They should not be sweeping issues under the rug and forgetting about them. This is how minor issues become larger problems, and in cybersecurity, these problems matter more than anything else.
To find out how you can start to secure your business, reach out to NSN Management at (918) 770-7400.