A new study by the consultancy company Censuswide has revealed the extent to which workers are being deceived by phishing emails and how, in spite of the danger of data breaches and regulatory penalties, many companies are not providing security awareness training to their workforce.
For the study, Censuswide surveyed 500 office employees. Although all the respondents were based in Ireland, the findings reflect the results of similar studies carried out in other countries, including the United States.
14% of all office staff surveyed stated that they had been deceived by a phishing email, which would equate to about 185,000 office workers in Ireland.
There were substantial differences in vulnerability to phishing emails across the different age groups: millennials, Generation X, and baby boomers. The age group most likely to be deceived by phishing scams was millennials (17%), followed by baby boomers (7%), and Generation X (6%).
Respondents were asked how confident they were in their ability to identify phishing scams. Even though nearly three times as many millennials had been deceived by phishing scams as Generation Xers, millennials had the highest confidence in their ability to spot phishing scams.
14% of millennials replied that they would not be sure that they could identify a scam, compared to 17% of Gen Xers, and 26% of baby boomers.
The survey showed that one in five employees had not been provided with security awareness training of any kind, but even when training was provided, many office workers still engaged in risky practices such as clicking hyperlinks or opening email attachments in messages from unknown senders. 44% of baby boomers admitted to having taken one of those actions in the past, compared with 34% of millennials and 26% of Gen Xers.
The effects of a successful phishing attack can hit a business hard. Phishing attacks can result in major financial losses, particularly when financial details are stolen. They can cause long-lasting harm to a firm's reputation, business may be lost, firms can face lawsuits from people whose personal information has been unlawfully obtained, and regulators can issue considerable civil monetary penalties.
Although security solutions can be put in place to block the majority of phishing emails, it is not possible to stop all phishing emails from being delivered to inboxes. Security awareness training for all workers in a firm, from the CEO down, is therefore crucial.
Security awareness training must be treated in the same way as health and safety training. It is an administrative and HR matter, not just the responsibility of the IT department.
Just providing a yearly training session for staff members is no longer sufficient. Phishing attacks are becoming more sophisticated and cybercriminals regularly change their tactics. Companies therefore need to educate their staff members continuously to make sure training is not forgotten and to keep workers up to date with new threats.
Annual or biannual training sessions must be held alongside regular refresher sessions to help develop a security culture. Phishing email simulations are also effective in supporting training, evaluating the effectiveness of training sessions, and identifying weak points.