Why Training May Be The Best Way To Protect Your Data

According to a recent report from cybersecurity company Elevate Security and cyber security research organization Cyentia, a small group of employees are typically responsible for most of the digital cyber risks to an organization. The report also found that those putting their companies at risk from phishing, malware, and insecure browsing are often repeating these mistakes.

The report found that four percent of employees clicked 80 percent of phishing links, and three percent were responsible for 92 percent of malware events. The good news was that four in five employees have never clicked on a phishing email, and half of those employees never saw such an email. These statistics reinforce the need to focus anti-phishing efforts on at-risk workers.

The malware that phishing and other attack vectors deliver also affects a small group of employees. The research found that 96 percent of users have never suffered a malware event. Most malware events involve the three percent of users who suffered two or more, reinforcing the notion that security awareness messages are not reaching those employees.

A small number of users are also responsible for browsing risky websites. Twelve percent of users tried to visit sites that violate their organization's browsing policy at least 750 times every year, causing security systems to block those sessions. These users accounted for 71 percent of all browsing violations.

However, in regard to the three risk areas, phishing, malware, and insecure browsing habits, the study found no strong link between those violating a company browsing policy and the number of phishing emails and malware infections. The report found nine percent of users exhibited high-risk behavior in only one category, and only 0.052 percent of users fell into the high-risk category for all three activities. "Just 3 percent of employees cause 92 percent of malware events" www.itpro.co.uk. (Mar. 09, 2022).

Most employers rely on two main strategies to keep their networks free of malware: technology and training.

Firewalls and anti-malware technology have a significant role to play in keeping potentially dangerous emails or text messages out of the system.

However, the Elevate/Cyentia report found that nearly one in five IT departments (17 percent) blocked no malware. More than half of departments blocked 95 percent of these emails, while one in ten blocked almost none. Those that received the most phishing emails per year were more likely to attempt to block them.

That leaves training as the single measure with the biggest impact on keeping your network free of malware.

It does not matter if your organization blocks none or almost all potentially dangerous phishing attempts. If there is even one careless, ill-educated, or reckless employee who is likely to click links or browse sketchy websites, your network is at risk.

It is therefore critical that adequate resources be directed to educating your employees about malware, phishing strategies, and hygienic web browsing. Such efforts should be organization-wide and include management and long-tenured employees as well.

Special attention and training should be directed to those employees who demonstrate particular vulnerabilities to malware exposure.
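The report's central finding is that a few repeat offenders account for most phishing clicks and malware events, and the recommendation above is to direct extra training at those people. The following script is an added example, not code from the report or from this newsletter, showing how a security team could measure that concentration in its own phishing-simulation and endpoint-alert data and produce a targeted training list. The event records and user roster are constructed sample data, and the function names (events_per_user, concentration, repeat_offenders, training_targets) are this example's own.

```python
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample data: one record per (user, event type). In practice these
# would come from the phishing-simulation platform and the endpoint alert feed.
SAMPLE_EVENTS: List[Tuple[str, str]] = [
    ("alice", "phish_click"), ("alice", "phish_click"), ("alice", "malware"),
    ("alice", "phish_click"), ("bob", "phish_click"), ("bob", "malware"),
    ("bob", "malware"), ("carol", "phish_click"), ("dave", "malware"),
    ("alice", "phish_click"),
]
# The full roster matters: users with zero events belong in the denominator,
# otherwise "never clicked" rates are overstated.
SAMPLE_USERS: List[str] = [
    "alice", "bob", "carol", "dave", "erin",
    "frank", "grace", "heidi", "ivan", "judy",
]


def events_per_user(events: Iterable[Tuple[str, str]], users: Iterable[str],
                    event_type: str) -> Dict[str, int]:
    """Count events of one type per user, including users with none."""
    counts = Counter(user for user, kind in events if kind == event_type)
    return {user: counts.get(user, 0) for user in users}


def concentration(per_user: Dict[str, int], share: float = 0.8) -> Tuple[float, float]:
    """Smallest fraction of users whose events add up to at least `share` of all
    events. Returns (fraction_of_users, fraction_of_events_they_cover)."""
    total = sum(per_user.values())
    if total == 0:
        return 0.0, 0.0
    ranked = sorted(per_user.values(), reverse=True)  # heaviest offenders first
    running = 0
    for i, n in enumerate(ranked, start=1):
        running += n
        if running / total >= share:
            return i / len(per_user), running / total
    return 1.0, 1.0


def never_triggered_fraction(per_user: Dict[str, int]) -> float:
    """Share of the roster with zero events of this type."""
    return sum(1 for n in per_user.values() if n == 0) / len(per_user)


def repeat_offenders(per_user: Dict[str, int], threshold: int = 2) -> List[str]:
    """Users at or above the repeat threshold, sorted for stable reporting."""
    return sorted(user for user, n in per_user.items() if n >= threshold)


def training_targets(events: Iterable[Tuple[str, str]], users: Iterable[str],
                     categories: Iterable[str] = ("phish_click", "malware"),
                     threshold: int = 2) -> List[str]:
    """Union of repeat offenders across categories: the people who should get
    the focused, extra training the report recommends."""
    events = list(events)
    users = list(users)
    targets = set()
    for category in categories:
        targets.update(repeat_offenders(events_per_user(events, users, category), threshold))
    return sorted(targets)


if __name__ == "__main__":
    for category in ("phish_click", "malware"):
        per_user = events_per_user(SAMPLE_EVENTS, SAMPLE_USERS, category)
        frac_users, frac_events = concentration(per_user)
        print(f"{category}: {frac_users:.0%} of users account for {frac_events:.0%} of events; "
              f"{never_triggered_fraction(per_user):.0%} never triggered one; "
              f"repeat offenders: {repeat_offenders(per_user)}")
    print("training targets:", training_targets(SAMPLE_EVENTS, SAMPLE_USERS))
```

Running the script on the constructed data reports that 20 percent of the roster produces over 80 percent of phishing clicks, which is the same shape of result the report describes, and yields a short, concrete list of users for focused training rather than a blanket campaign. The repeat threshold is deliberately low because the report's own finding is that a second event is the signal that awareness messaging did not land.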
