It’s been shown repeatedly that all the phishing awareness training in the world won’t get the click rate on malicious emails down to zero. And now we know why.
Thanks to research conducted by Symphony Communication Services, “An alarming percentage of workers are consciously avoiding Its guidelines for security.”
“The report is based on a survey of 1,569 respondents from the US and UK who use collaboration tools at work. It found that 24% of those surveyed are aware of IT security guidelines yet are not following them. Another 27% knowingly connect to an unsecure network. And 25% share confidential information through collaboration platforms, including Skype, Slack, and Microsoft Teams.”
The feeling, according to those who cover security, is that some employees see security as an impediment to doing their jobs and when push comes to shove, they ignore security to get their jobs done. No wonder awareness training is never 100% effective.
As things turn out, attitudes toward security depend on the employee’s age. For example, the survey found that, compared to Baby Boomers, Millennials are:
- 2x more likely to share confidential information over messaging/collaboration apps
- 3x more likely to download sensitive info or intellectual property from their companies
- 2x more likely to talk badly about the boss over chat
- 3x more likely to share company credit card or password information
- 2x more likely to gossip about co-workers
- 2x more likely to download a communications app not approved by IT
Whether your organization is based on a foundation of Baby Boomers or is overrun by Millennials, the best way to deal with employee indifference to security guidelines is to take security compliance out of their hands and shift the onus over to technology.
No matter how careless or indifferent employees are to clicking on the links in emails, you can prevent phishing attacks at your organization with cloud-based email security with real-time link click protection. It protects against malware, spear-phishing and spoofed domain names. There are no contracts required. It comes with 24/7 customer support. And you’ll be up and running in 10 minutes.