Reis Blog

Visit the Reis Blog regularly for information and advice on information technology management in Canada, and around the world.

Why You Need to Make Security Awareness Training Mandatory? Read This Horror Story.

Posted December 19th, 2018

Fifty-five percent of organizations fail to educate their employees on cybersecurity trends. Because of this irresponsibility, companies are falling victim to social engineering, phishing and ransomware attacks. In most cases, these attacks can cost your business millions in downtime and lost resources, while severely damaging your reputation.


"Here is some ammo to help you get management convinced that the training should be mandatory.

This is an email we received from a system admin who sent this to all his users (the names are changed to protect the innocent).

From: Jonas
Sent: Monday, December 03, 2018 1:17 PM
Subject: URGENT Information- I NEED YOUR HELP

Hello, Last week we had two incidents where $750,000 and $35,000 were stolen from the company by cyber crime. These amounts will most likely never be recovered. This should not have happened. These thefts occurred by allowing the bad guys into our network by what is called “Phishing”:

"the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers."

We have, in the past 6 months, identified 15% of the email users in our company falling for the fake emails and following links that require authentication of usernames and passwords.

After the incidents last week we identified 5 email user accounts that had been compromised by bad guys. In these accounts (one a branch manager, one a controller, one an engineer) the user ID and Passwords were given to the bad guys where they were able to intercept or send, unbeknownst to the company employee, emails with instructions to move company money for wire transfer or modify ACH accounts for payroll deposit and vendor payments.

PLEASE, take this seriously! You would not let people into your house without knowing who they are and what they want. Email is the same. Don’t take the bait. We will be taking measures to make it more challenging for the bad guys to win. We will be making password updates more frequently along with other authentication processes.

You are our front line in this battle, not letting them into our systems, by being vigilant with the phishing schemes. If you are asked by our IT team to take training I expect you to do just that. Only 66% took the training when asked during our early September Phishing Test.

If you would like more information regarding what you can do to ensure security with your accounts please contact Eric in our IT department, or reach out to me directly.

Thank you for your HELP,

This is the type of email you probably don't want to see from your manager or employer. Mandatory formal cybersecurity training is the essential step that will help your organization to achieve peace of mind and improve security.

Don’t delude yourself into thinking that this will never happen to you and your company. As we found out, 68% of identity theft victims don’t even know how the thief obtained their information in the first place, and 92% don’t know anything about the individual or group that stole from them.

Do you really want to go through all that stress and all that wasted time? Most probably not.
Find out more about our FREE Security Awareness Training demo by following the link below:


Hacked Email: Why Cyber Criminals Want to Get Into Your Inbox. (2017, June 19). Retrieved from

Sjouwerman, S. (n.d.). Why You Need To Make Security Awareness Training Mandatory. Read This Horror Story. Retrieved from