Friday 9th October 2020

SME – Myth #3: “My team have been trained – there’s no chance they’ll fall for a phishing scam!”


No matter how vigilant or cyber-literate, your employees are not infallible! In fact, people are one of the most vulnerable components in any organisation’s security infrastructure. This is because, unlike machines, we are susceptible to tiredness and stress, which leads us to make mistakes. Attackers prey on these flaws. And all they need to infiltrate a network or transmit malware onto a device is one wrong click.

A recent study I came across highlighted that 37% of the breaches they saw were as a direct result of people stress/tiredness. 35% of their overall study showed serious breaches occurring as a result of remote working. Sobering times indeed.

Once employers recognise this, they must implement a robust security strategy that protects their employees and network. This means implementing multiple layers of defences using various security tools and by ensuring that users are trained to spot scams.

The first step is to ensure inbound emails are filtered and scanned using content scanners that check for malicious links and malware embedded into emails. Secondly, ongoing security awareness training must be carried to ensure that users remain vigilant, aware and abreast of new methods and iterations. Thirdly, organisations must assume that some malicious emails will eventually get through and have strong endpoint protection in place to stop malware from executing on endpoint devices. Finally, they must have the right processes in place to detect and respond to reported phishing incidents in a fast and effective manner before damage can be caused.

Until companies stop relying on their employees’ vigilance and awareness and make the decision to protect them instead, phishing attacks will remain highly effective, damaging and costly. As cybercriminals use social engineering to exploit the coronavirus outbreak and the fear and suspicion that surrounds it, the need to take this approach has never been more pressing.

For companies, especially small and medium-sized businesses, in a position of financial uncertainty, the failure to do so could prove disastrous.

If you are an SME, BlockAPT can support you to prevent the ever-increasing number of cyber threats and attacks facing your online web applications while you’re dealing with the challenges of having to deploy a distributed workforce.

To see if you’re eligible, please register here.



Read more from our SME blog series:

SME Myth #1: “I bought Norton 360, so I’m safe.”

SME Myth #2: “Cybercriminals aren’t interested in targeting SMEs”

Raj Meghani

CMO – BlockAPT
Email: [email protected] | LinkedIn: @rajmeghani

Passionate about cybersecurity, technology and enabling digital transformation.



Leave a Reply