Now We Know Why You Can’t Depend on Awareness Training to Stop Phishing Attacks
Quick Answer
Phishing awareness training never gets click rates to zero because employees knowingly ignore security guidance. A Symphony Communication Services survey of 1,569 US and UK collaboration-tool users found 24% are aware of IT security guidelines but don't follow them, 27% knowingly connect to unsecured networks, and 25% share confidential information through Slack, Teams, or Skype. Generational data shows Millennials are 2x to 3x more likely than Boomers to share credentials, copy company data, share company credit card or password info, or install unapproved apps. The conclusion: trying to train your way out of phishing has a hard ceiling. Cloud-based email security with real-time link click protection moves the burden off the user.
It’s been shown repeatedly that all the phishing awareness training in the world won’t get the click rate on malicious emails down to zero. And now we know why.
Thanks to research conducted by Symphony Communication Services, “An alarming percentage of workers are consciously avoiding Its guidelines for security.”
“The report is based on a survey of 1,569 respondents from the US and UK who use collaboration tools at work. It found that 24% of those surveyed are aware of IT security guidelines yet are not following them. Another 27% knowingly connect to an unsecure network. And 25% share confidential information through collaboration platforms, including Skype, Slack, and Microsoft Teams.”
The feeling, according to those who cover security, is that some employees see security as an impediment to doing their jobs and when push comes to shove, they ignore security to get their jobs done. No wonder awareness training is never 100% effective.
As things turn out, attitudes toward security depend on the employee’s age. For example, the survey found that, compared to Baby Boomers, Millennials are:
- 2x more likely to share confidential information over messaging/collaboration apps
- 3x more likely to download sensitive info or intellectual property from their companies
- 2x more likely to talk badly about the boss over chat
- 3x more likely to share company credit card or password information
- 2x more likely to gossip about co-workers
- 2x more likely to download a communications app not approved by IT
Whether your organization is based on a foundation of Baby Boomers or is overrun by Millennials, the best way to deal with employee indifference to security guidelines is to take security compliance out of their hands and shift the onus over to technology.
No matter how careless or indifferent employees are to clicking on the links in emails, you can prevent phishing attacks at your organization with cloud-based email security with real-time link click protection. It protects against malware, spear-phishing and spoofed domain names. There are no contracts required. It comes with 24/7 customer support. And you’ll be up and running in 10 minutes.
General Manager
General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.
Secure your email infrastructure
Protect, authenticate, and deliver. Contact our team to find the right solution.