Sack staff who click on suspicious emails, says Insignia Financial boss Frank Lombardo

The head of a major financial services company says employers need to have a zero tolerance approach to staff who continuously click on suspicious emails.

Cybercriminals continue to barrage organisations with targeted email attacks, and many companies are struggling to keep up.

According to IT Brief Australia, 46 per cent of Australian organisations analysed were victims of spear phishing in 2022 and global organisations received five highly personalised spear-phishing emails per day on average.

Spear phishing is a type of phishing that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.

Frank Lombardo, the chief operating and technology officer at Insignia Financial, told the Australian Financial Review that phishing and malware remain “one of the largest ways that threat actors get into your organisation”.

His firm has a novel way to educate staff on the dangers of phishing and malware.

“We’re performing regular tests on our people pretty much every day, and we’re sharing those results with [staff]. That’s part of the awareness and education and training,” he said.

Clicking on the emails, or failing some other security tests, can be a firing offence, he said.

However, Mr Lombardo said such a dramatic action doesn’t happen overnight.

“It’s multiple failures,” he explained.

“Ultimately, you need to recognise that if you’ve done everything that you can and if there’s a weakness, and if it’s at that human level and the human just isn’t getting it, then you do need to take the appropriate action, because the consequences are severe if you get it wrong.

“It may even lead to performance management and exiting individuals who are just not getting it. You have to take this really, really seriously at all layers of your organisation. If you don’t, then [your company] will fail.”
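The approach Mr Lombardo describes rests on two things: running simulated phishing campaigns continuously and tracking who fails them repeatedly so that escalation is evidence-based rather than triggered by a single lapse. The following is an added illustration, not code from Insignia Financial or the article, of how a security team might tally such results per person. The sample records, the user names and the three-step escalation ladder (refresher training, then manager notification, then an HR process) are all constructed assumptions for the example.

```python
"""Tally simulated-phishing results per person and map repeat failures to an
escalation tier. Added illustration only; tiers and data are hypothetical."""
from collections import defaultdict

# Constructed sample data (not real results): one tuple per simulated email.
# (campaign_id, user, clicked_link, reported_to_secops)
SAMPLE_RESULTS = [
    ("2023-05", "alice", False, True),
    ("2023-05", "bob", True, False),
    ("2023-05", "carol", True, False),
    ("2023-06", "alice", False, True),
    ("2023-06", "bob", True, False),
    ("2023-06", "carol", False, True),
    ("2023-07", "alice", False, False),
    ("2023-07", "bob", True, False),
    ("2023-07", "carol", False, True),
]

# Hypothetical escalation ladder keyed on cumulative failures (an assumption
# for this example, not any company's policy): first failure = refresher
# training, second = manager notified, third and beyond = HR process.
ESCALATION_TIERS = [(3, "hr"), (2, "manager"), (1, "training")]


def escalation_tier(failures: int) -> str:
    """Return the highest tier whose threshold the failure count reaches."""
    for threshold, label in ESCALATION_TIERS:
        if failures >= threshold:
            return label
    return "none"


def summarize(results):
    """Per-user totals: failures, current consecutive-failure streak, number
    of simulated emails reported, and the resulting escalation tier."""
    per_user = defaultdict(list)
    for campaign, user, clicked, reported in results:
        per_user[user].append((campaign, clicked, reported))
    summary = {}
    for user, rows in per_user.items():
        # Campaign ids are ISO-style year-month strings, so sorting them
        # orders the rows chronologically.
        rows.sort()
        failures = sum(1 for _, clicked, _ in rows if clicked)
        reports = sum(1 for _, _, reported in rows if reported)
        # Streak counts failures in the most recent campaigns, stopping at
        # the first campaign the user passed.
        streak = 0
        for _, clicked, _ in reversed(rows):
            if not clicked:
                break
            streak += 1
        summary[user] = {
            "failures": failures,
            "streak": streak,
            "reports": reports,
            "tier": escalation_tier(failures),
        }
    return summary


def campaign_click_rates(results):
    """Organisation-wide click rate per campaign: share of recipients who clicked."""
    sent = defaultdict(int)
    clicked = defaultdict(int)
    for campaign, _, did_click, _ in results:
        sent[campaign] += 1
        clicked[campaign] += int(did_click)
    return {c: clicked[c] / sent[c] for c in sent}


if __name__ == "__main__":
    for user, stats in sorted(summarize(SAMPLE_RESULTS).items()):
        print(user, stats)
    for campaign, rate in sorted(campaign_click_rates(SAMPLE_RESULTS).items()):
        print(campaign, f"{rate:.0%}")
```

Tracking the report count alongside the click count matters: a person who clicked once but reports every later simulation shows the training is working, while the organisation-wide click rate per campaign is the metric that tells management whether the programme as a whole is improving.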

Australians lost a record $3.1 billion to scams last year, up from $2 billion in 2021, according to the ACCC.

Some of Australia’s biggest corporations suffered disastrous data breaches in the last 12 months, most notably Optus, Medibank and Latitude, leading to huge financial and reputational damage.

Up to 9.8 million Australians had their personal details stolen in the massive Optus hack in September 2022, resulting in 10 per cent of customers leaving the company since the breach.

Meanwhile, Medibank, one of Australia’s largest private health insurance providers, is expecting to spend up to $45 million relating to hacking after more than nine million customers’ data was compromised by a massive hack in October last year.

A hack of Aussie financial firm Latitude saw 14 million records stolen this year, including 7.9 million driver’s licences, 53,000 passport numbers and records with personal information such as customers’ names, addresses, telephone numbers and dates of birth.

– with Sarah Sharples and Nathan Schmidt

Originally published as Call to sack staff who click on common email
