3 in 10 workers worldwide have clicked a phishing link in the past year. In the US, it is 1 in 3. In the United States, 44% of respondents are more concerned about phishing attempts this year, but 1 in 3 admit they have clicked a phishing link in the last year. 8% of those did not report it. This is extremely concerning, and your organization must have mechanisms in place so that employees can report things like this without fear of retribution or disciplinary action.
Why is this happening?
“People aren’t great at handling uncertainty. Even those of us who know we shouldn’t click on emails from unknown senders may feel uncertain and click anyway. That’s because we’ve likely all clicked these kinds of emails in the past and gotten a positive reward. The probability of long-term risk vs. short-term reward, coupled with uncertainty, is a recipe for poor decision-making, or, in this case, clicking what you shouldn’t.” – Prashanth Rajivan, Ph.D.
This story further illustrates why this is happening and it is worth the read.
So, what should you be doing to better protect your organization from a phishing link? While there is a good size laundry list of things that should be done at the very least security awareness training for every employee should be a bare minimum. We can do this for you!
For more information please contact us.