Is Punishment Proper?
Updated: Sep 2
The emphasis on smart #cybersecurity practices is vital. As professionals in the IT industry, we know this, we work to ensure policies and procedures are in place that keep the topic at the forefront of every business we support and work within. But while training employees to learn these behaviors is important, there is one aspect of it that isn’t discussed frequently, or at the very least publicly: The repercussions of making a mistake.
How do you deal with an employee who either refuses to learn, continually makes mistakes, or dismisses the importance of learning smart and safe behaviors? In a recent study led by Dr. John Blythe, Head of Behavioral Science at CybSafe in the UK, 42% of businesses will punish employees in response to their failure of unsafe phishing practices in simulated training sessions. Punishments vary and their level of intensity ranges as well, based on the severity of the “crime”.
For example: • 15% of organizations will “name and shame” the offending employees • 33% of organizations decrease access privileges for those that fail • 63% inform the employee’s manager • 17% will lock an employee’s computers until the appropriate training has been completed
Does It Work?
As one might expect, it doesn’t. And even worse, it can have a counter effect on employees wanting to act responsibly when it comes to cybersecurity. They can become resentful and perhaps even unwilling to try to learn or modify their behaviors when it is forced upon them. Additionally, if making a mistake while learning has negative repercussions, then why take the chance?
Make it Fun
While we aren’t experts, we do know from experience and common sense that learning is best done when it is done without fear or judgment – and even better when it can be fun! Human error accounts for the majority of data breaches. If you take that risk factor and couple it with a system that works within the parameters of everyday habits and tendencies to inform and modify behaviors, you are likely going to have a winning combination. Our Catch Phish solution does just that. With Outlook integration, this plug-in makes catching ‘phish’ fun and provides ongoing cybersecurity training through videos and quizzes to ensure employees stay up-to-date on the latest threats and best practices.
#Cybersecurity can be intimidating, but not knowing safe practices is a matter of a business surviving a breach, or never recovering from it at all. Offering an ongoing cybersecurity solution can help your clients increase the odds in their favor.
If you have questions about protecting your business from Phishing attacks, Let Us Know!
Or give us a call 512-761-7652.