About a year ago, information security company Shred-it released a report saying “Employee negligence is the main cause of data breaches.” I have no doubt that’s true. The part I disagree with is the solution.
The solution that’s being promoted for the “employee” problem is phishing awareness training. And not just training, but MORE training. There’s only one problem with this way of thinking: it won’t eliminate data breaches.
Those in the know even admit this. According to a recent article in SC Magazine, when discussing employee education, Zvi Guterman, CEO of CloudShare, said, “Best of all, reducing cyber incidents through education and training is achievable…” Did you see what he did there?
Employee awareness training will reduce, but not eliminate, cyber incidents. And that’s the problem. Until companies can get to zero cyber incidents, they have a cyber security problem. It only takes one breach.
Imagine these two extreme approaches to email security. In approach #1, the company uses no email security service, but every employee has awareness training. In approach #2, there’s email security technology in place to prevent phishing, but none of the employees receive any awareness training. Which approach do you think will be more effective?
We know from research that after one year of continuous employee training, the best possible result is 98% effectiveness. And that’s when employees care about security. What we also know from research is that “1 in 4 workers are aware of security guidelines – but ignore them.” Still think training is the way to go?
There’s nothing wrong with awareness training. Every organization should have an ongoing educational program. But it’s not enough. Education alone will leave your company vulnerable for certain.
If your company is on a limited budget, the best investment you can make is phishing protection technology with real-time link click protection. Not only is it more effective at stopping phishing attacks, but it’s far cheaper than awareness training.
Training 150 employees for a year with training company KnowBe4 costs up to $3,300/year. Protecting those same 150 employees for a year with phishing prevention technology costs only $540/year. That’s right, something that’s better actually costs less.
Phishing is a problem, we all agree. If you have the budget, purchase every form of protection you can, including training your employees. But the first thing you should invest in, if you want to keep your company’s data safe, is phishing protection with real-time link click protection.