risk management training

Your employees are the greatest threat to your security

Cybercriminals see businesses that fail to train their employees on cybersecurity as an opportunity to exploit. If attackers can obtain details or information from your employees, they can gain access to your systems through channels that appear entirely legitimate.

Penetration testing and vulnerability scanning are vital parts of any company’s cybersecurity strategy. However, pen testing alone isn’t always enough, because it tests systems rather than the people who use them.

Why employees make security mistakes

According to The Psychology of Human Error report, the primary reasons why employees make security mistakes include:

  • Tiredness & stress – 93% of employees say they feel stressed and tired, with 46% of these claiming to have experienced burn-out.
  • Untrained – Don’t know enough to stay secure.
  • Not paying attention / being distracted – 33% of employees don’t or rarely think about cybersecurity.
  • Age – Although the perception is that younger people make more mistakes, there is not enough evidence to draw this conclusion. Research shows that older employees may be less aware of cyber threats and can be less willing to admit mistakes.

Common employee mistakes 

Sending emails to the wrong person

According to the survey conducted by Tessian, 58% of people asked admitted to accidentally sending an email to the wrong person. Not only does this harm the business’s reputation (20% reported losing a customer), it also harms productivity (12% reported someone losing their job).

Sending emails to the wrong person also creates an opening for cyber-attackers. The consequences highlighted in the report include 41% of organisations having to inform their customers. Furthermore, this type of mistake is often not reported (16%).

Falling for phishing scams

25% of employees admitted to clicking on a phishing email, with men twice as likely to be victims, although the report does not state the percentage of women surveyed.

Again with age, it seems that older employees were less likely to fall for a phishing scam. This could be because of an unwillingness to admit mistakes or because they are unaware that they might have fallen victim.

Responding quickly

Many in the report stated that the expectation to respond to emails quickly was mostly to blame. Often, scam or phishing links are disguised: the link text is edited so that the displayed text looks legitimate while the address behind it points somewhere else entirely.

For example: bbc.co.uk

Although you might think from looking at this link that you will be going to the BBC, the link behind it takes users back to our home page.

Tip: if you are on a desktop/laptop device, you can hover your mouse over the link to see the destination page in the bottom left-hand corner of your screen.
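The hover tip above is a manual version of a check that can also be done in code: compare the address a link displays with the address it actually points to. The following is an added example, not code from the original article; it scans an HTML email body for anchors whose visible text looks like a web address (for instance bbc.co.uk) but whose href leads to a different host. The sample email body and the example.com / example.net destinations are constructed for the demonstration.

```javascript
// Added example (not from the original article): flag HTML anchors whose
// visible text claims one web address while the href points at another host.
// This is the "hover to see the destination" tip applied automatically.

// Matches <a ... href="..."> ... </a> (double- or single-quoted href).
const ANCHOR_RE = /<a\b[^>]*\bhref\s*=\s*(?:"([^"]*)"|'([^']*)')[^>]*>([\s\S]*?)<\/a>/gi;
// Visible text that looks like a URL or bare domain, e.g. "bbc.co.uk"
// or "https://bbc.co.uk/news". Group 1 captures the host the text claims.
const URL_LIKE_RE = /^(?:https?:\/\/)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[\/?#]\S*)?$/i;

// Remove nested tags inside the anchor and collapse whitespace.
function stripTags(html) {
  return html.replace(/<[^>]+>/g, '').replace(/\s+/g, ' ').trim();
}

// Hostname of an absolute href, or null for relative/malformed links.
function hostOf(href) {
  try {
    return new URL(href).hostname.toLowerCase();
  } catch {
    return null;
  }
}

// True when the claimed host equals the real host or is a parent domain of it,
// so "bbc.co.uk" shown for https://www.bbc.co.uk/ is not reported.
function sameSite(claimedHost, actualHost) {
  return actualHost === claimedHost || actualHost.endsWith('.' + claimedHost);
}

// Returns one finding per anchor whose displayed address disagrees with its href.
function findDisguisedLinks(html) {
  const findings = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const href = m[1] ?? m[2];
    const text = stripTags(m[3]);
    const textMatch = URL_LIKE_RE.exec(text);
    if (!textMatch) continue;            // "Click here" etc. makes no host claim
    const claimedHost = textMatch[1].toLowerCase();
    const actualHost = hostOf(href);
    if (actualHost === null) continue;   // nothing to compare against
    if (!sameSite(claimedHost, actualHost)) {
      findings.push({ text, href, claimedHost, actualHost });
    }
  }
  return findings;
}

// Constructed sample email body (example.com / example.net are placeholders).
const SAMPLE_EMAIL = `
  <p>Latest news: <a href="https://www.bbc.co.uk/">bbc.co.uk</a></p>
  <p>Sign in at <a href="https://example.com/login">https://bbc.co.uk/account</a></p>
  <p>Questions? <a href="https://example.net/help">Click here</a>.</p>
`;

for (const f of findDisguisedLinks(SAMPLE_EMAIL)) {
  console.log(`Link text claims ${f.claimedHost} but href goes to ${f.actualHost}: ${f.href}`);
}
```

Only the second anchor is reported: its text claims bbc.co.uk while the href goes to example.com. The first anchor passes because www.bbc.co.uk is within the claimed domain, and the third is skipped because "Click here" makes no claim about the destination, which is exactly why such links still need the hover check or a reputation lookup.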

Please note: links to websites are almost always safe, as the browser provides protection, and most PCs and tablets come with up-to-date anti-virus and browsing software. The easiest way to protect yourself is to run updates regularly on all your applications and make sure that you have the latest anti-virus software installed.

Scam apps and browsers usually look low quality and will try to scare or tempt you into clicking something that is not secure. For example, ‘you’ve been hacked, click here to restore your computer’ or ‘You have won a free Lamborghini, click here to claim.’


Working from home is on the rise due to COVID-19, and an environment shared with other family members and children can lead to not paying proper attention.

Disguised legitimacy

Employees often believe the link they are clicking is genuine because it is:

  • Corporate – The email used the details of people who hold senior positions within the company; an email sent in their name often distracts employees from noticing that the sender’s address is different
  • Branded – They thought it was from a trusted brand

The importance of cybersecurity training

Training your employees in risk management is only part of the answer: you also need to put processes in place that are easy to follow. Contact us to learn more about educating your workforce on cybersecurity.
