With phishes often trying to prompt a “sense of dread” and the feeling “Oh my goodness, I’ve got to do something,” awareness training should teach employees to recognize those emotions, Shipley said. That’s the moment they should be taught to slow down, step away from their computer, and think before clicking.
“Teaching people emotional intelligence and mindfulness can reduce susceptibility by as much as 50%,” Shipley said.
It’s also important that organizations encourage staff to report a suspicious or unusual email to a superior, to IT, or through an internal warning mechanism, Shipley said, and that they give a pat on the back, or more, to those who do. That shows other employees that reporting will be rewarded.