Lior Kohavi at Cyren answers the critical question about the importance of making employees responsible for their own email security
Security Awareness Training (SAT) has long been a tick-box solution for organisations looking to educate their employees about email security, and specifically how to spot phishing.
The shortcomings of email security within an organisation are often exploited by cyber criminals looking to breach a network. According to a report by IBM, human error is the cause of 95% of cyber security breaches.
Frequently the human error behind a breach is a phishing attack: a cyber criminal sends a targeted malicious message to an employee, disguised as coming from a trusted source. A single click on a link in that message, whether it leads to a credential-harvesting page or a malware download, can be enough to give the attacker a foothold in the organisation's network, from which a catastrophic cyber incident can follow.
Evidently, more needs to be done to make sure organisations are using their employees as part of the solution to cyber-attacks, rather than making them part of the problem.
What can organisations do when approaching Security Awareness Training for their employees?
SAT is a best practice to have within all organisations. It can serve to increase awareness of the threats posed to businesses through channels such as email, especially with phishing attacks remaining so prevalent.
Training should be an ongoing activity. Yet in reality it is often conducted only once or a few times a year, to meet regulatory requirements. This approach to SAT is not enough to make a real impact. And it does not matter how often the training is conducted if it isn't actually preventing successful phishing attacks.
The balance between the need for training versus the practicality of delivering effective training is important to consider. SAT is largely driven by regulatory requirements; it’s an obligation. That can mean it’s viewed as a tick-box activity that will help the organisation achieve the rubber stamp of approval it needs to comply with any number of security mandates. Once the box has been ticked, that’s it for the next 12 months, until it is audit time again.
This approach cannot drive a practical attitude to security, which is often why businesses can still fall victim to security threats even when they have met all the certification requirements.
Security is so much more than just having a certain suite of controls on a checklist provided by a regulatory body. It is about utilising those resources effectively and engaging every employee within the business to build up those defences from the inside.
There needs to be a change in mindset so that security training is not seen as a tick-box activity but is given the strategic focus that is truly required to make a business secure.
How would a crowd-sourced approach benefit SAT?
To ensure SAT has an impact, and the organisation's security is as effective as possible, businesses need to reinforce the training by empowering their employees to make decisions without burdening already overwhelmed security teams. This is why a crowd-sourced user detection approach is so beneficial: it allows the employees to be part of the solution.
For example, it is possible to give employees tools that surface the phishing indicators present in an email's payload: the sender and reply-to addresses, the real destinations behind links, the attachments. With an add-in in their email client, they can scan any suspicious email at the push of a button and see within seconds which indicators were found and whether the email has been classified as a threat. If it is, that intelligence can be shared across the organisation's mail environment to improve the business's overall threat-detection capabilities.
This differs from training on simulated phishing emails. It trains users continuously on live threats rather than artificial ones, engages them as part of the anti-phishing solution, and reduces the "alert fatigue" experienced by IT and security teams.
To put it simply, it enables organisations to engage employees to do the initial analysis of suspicious messages, rather than blindly forwarding them along to the overworked security operations team or IT helpdesk.
How can this help detect and remediate email-borne threats?
Attackers are becoming more skilled at producing targeted phishing and Business Email Compromise (BEC) emails. At the same time, organisations are levelling up and deploying more security solutions that combat these threats. By using SAT to support a crowd-sourced approach to analysing suspicious emails, employees at any level can establish whether an email is legitimate or not.
The indicators from emails confirmed as malicious (sender, links, attachments) can then be used to find related emails in other mailboxes and remove them automatically. This protects everyone who received the same campaign, not just the person who reported it, and it relieves the pressure on the security team even further, because they don't have to execute the incident response playbook by hand for every report.
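The scan-and-pivot workflow described above (indicators extracted from a message's payload, then the indicators of a confirmed phish used to find related messages for removal), as an added example in Python that is not Cyren's code or any product's. It parses a raw RFC 5322 message with the standard library, records why the message looks suspicious, classifies it with a two-indicator threshold, and then searches a three-message mailbox for other messages that share a link host or Reply-To domain with the confirmed phish. The header names are real; the rules, the threshold, the domains and the three sample messages are assumptions constructed for illustration, and the Authentication-Results header is taken at face value, which only holds when your own MX wrote it.

```python
"""Added example, not Cyren's code: scan a raw message for phishing indicators, classify it,
then pivot on those indicators to find related messages.  Rules and sample mail are constructed."""
import email
import re
from email import policy
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
ANCHOR_RE = re.compile(r'<a\b[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def addr_domain(header):
    """Domain of the first address in a parsed From/Reply-To header ('' if absent)."""
    addrs = getattr(header, "addresses", ())
    return addrs[0].domain.lower() if addrs else ""


def host_of(url):
    return (urlparse(url).hostname or "").lower()


def extract_indicators(raw):
    """Reasons a message looks suspicious, plus the pivot points (real link hosts,
    reply-to domain) later used to find related mail in other mailboxes."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    ind = {"id": re.sub(r"[<>\s]", "", str(msg["Message-ID"] or "")), "flags": [], "hosts": set(),
           "from_domain": addr_domain(msg["From"]), "reply_domain": addr_domain(msg["Reply-To"])}
    if ind["reply_domain"] and ind["reply_domain"] != ind["from_domain"]:
        ind["flags"].append("reply-to domain differs from From domain")
    # Assumption: Authentication-Results was written by our own MX and can be trusted.
    auth = str(msg["Authentication-Results"] or "").lower()
    for mech in ("spf", "dkim", "dmarc"):
        if re.search(rf"\b{mech}=(fail|softfail|none)", auth):
            ind["flags"].append(f"{mech} did not pass")
    body = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_type() in ("text/plain", "text/html") and not p.get_filename())
    # Link whose visible text names one host while the href points somewhere else.
    for href, text in ANCHOR_RE.findall(body):
        shown = URL_RE.search(re.sub(r"<[^>]+>", "", text))
        if shown and host_of(shown.group(0)) != host_of(href):
            ind["flags"].append(f"link text shows {host_of(shown.group(0))} but points to {host_of(href)}")
    # Pivot only on real targets: href values plus bare URLs outside anchors.
    targets = [h for h, _ in ANCHOR_RE.findall(body)] + URL_RE.findall(ANCHOR_RE.sub("", body))
    for host in filter(None, map(host_of, targets)):
        ind["hosts"].add(host)
        if "xn--" in host:  # punycode label, common in lookalike domains
            ind["flags"].append(f"punycode label in link host {host}")
    return ind


def classify(ind):
    """Constructed threshold: two or more indicators is treated as malicious."""
    return "malicious" if len(ind["flags"]) >= 2 else "suspicious" if ind["flags"] else "clean"


def find_related(confirmed, mailbox):
    """IDs of other messages sharing a link host or reply-to domain with a confirmed phish."""
    related = []
    for raw in mailbox:
        other = extract_indicators(raw)
        shared = other["hosts"] & confirmed["hosts"] or (
            confirmed["reply_domain"] and other["reply_domain"] == confirmed["reply_domain"])
        if other["id"] != confirmed["id"] and shared:
            related.append(other["id"])
    return related


# Constructed mailbox: a credential phish reported by alice, a second message from the
# same campaign sent to bob (same link host, no indicators of its own), and a clean notice.
PHISH = b"""From: "IT Helpdesk" <helpdesk@corp.example>
Reply-To: reset@mail-reset.example
To: alice@corp.example
Message-ID: <p1@corp.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=corp.example; dkim=none
Content-Type: text/html; charset=utf-8

<p>Reset now: <a href="https://portal-login.example/reset">https://portal.corp.example/reset</a></p>
"""
RELATED = b"""From: "Payroll" <payroll@corp.example>
To: bob@corp.example
Message-ID: <p2@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example
Content-Type: text/plain; charset=utf-8

Your payslip is ready: https://portal-login.example/payslip
"""
BENIGN = b"""From: "HR" <hr@corp.example>
To: alice@corp.example
Message-ID: <p3@corp.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=corp.example; dkim=pass; dmarc=pass
Content-Type: text/html; charset=utf-8

<p>Calendar: <a href="https://hr.corp.example/cal">https://hr.corp.example/cal</a></p>
"""
MAILBOX = [PHISH, RELATED, BENIGN]
```

Run against the samples, the first message scores four indicators (Reply-To mismatch, SPF and DKIM not passing, link text naming a different host than the href) and is classified malicious. The second carries no indicators of its own and would pass a per-message scan, yet it shares the link host and is returned by find_related; that is the point of the remediation step, the reporter's verdict protects recipients who never reported anything. In a real deployment the pivot set would also include attachment hashes and sending infrastructure, and removal would go through the mail platform's API with an audit trail.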
This proactive and practical approach to security training is proven to have greater success at keeping organisations secure from the threats posed by malicious emails.
Where do organisations go from here?
Implementing employee training will not by itself close the detection and remediation gap that all organisations need to close if they are to limit the possibility of a successful cyber attack. Instead, organisations need to consider how this activity can be built into their overall security solutions and thus contribute to their business strategy.
With cyber criminals becoming more savvy in how they conduct phishing attacks, including through channels such as WhatsApp and SMS, organisations need to implement automated security to detect and remediate phishing attacks, BEC and malware threats that have already reached users' mailboxes. Crowd-sourced user detection can assist in the continuous monitoring of defences, as well as in automated response and remediation.
In order to combat the cyber criminals who are constantly looking to infiltrate a network through phishing attacks, security strategies need to become agile. Businesses need to be able to adapt their approach according to the paths taken by the threat actors.
Lior Kohavi is Chief Strategy Officer at Cyren
Main image courtesy of iStockPhoto.com