Sack employees who click phishing emails, IT boss urges



If you're a worker who repeatedly clicks on links in dodgy emails, you should be sacked.

That's the view of Frank Lombardo, chief technology officer at Melbourne-based Insignia Financial, who yesterday sat on the panel of The Australian Financial Review Cyber Summit to discuss critical cyber threats faced by businesses.

Australians lost a record $3.1 billion to scams last year, up from $2 billion in 2021, according to the ACCC, and some of Australia's biggest corporations suffered disastrous data breaches in the last 12 months.

Speaking about the catastrophic impacts on businesses if hackers gain access to IT systems, Lombardo said Insignia, a financial services firm, regularly tests its employees by sending them phishing simulation emails, to see who clicks on them.

"That's part of the awareness and education and training," he said.

Clicking on suspicious links can be a firing offence, he explained, but clarified that any sacking process "doesn't happen overnight" and will be the result of an employee's "multiple failures" to detect phishing or malware attacks.

"Ultimately, you need to recognise that if you've done everything that you can and if there's a weakness … then you do need to take the appropriate action, because the consequences are severe if you get it wrong," Lombardo said.

For some employees, he said, that can mean "performance management", or the more hardline act of "exiting individuals who are just not getting it".

"You have to take this really, really seriously at all layers of your organisation," he said.

"If you don't, then [your company] will fail."

The devastating consequences of cyber attacks for businesses and customers have been laid bare the past 12 months, with major breaches at Optus, Medibank and Latitude.

Companies can suffer huge financial and reputational damage if breached, and aggrieved customers are increasingly launching class action suits to punish businesses caught operating with weak security protections and protocols.

Hackers who gain access to sensitive corporate information will often try to force those companies to stump up a ransom totalling in the millions.