Are your employees suffering from click paralysis?

When employees are so afraid of clicking on malware and infecting their networks that they refuse to click on legitimate and safe content, productivity comes to a halt. Taking their security to unnecessary extremes, employees can actually undermine their cybersecurity platforms by creating disincentives for continued compliance. 
This is a phenomenon NINJIO’s co-founder and former CEO Zack Schuler, in his recent piece for Dark Reading, has coined click paralysis. But employees don’t have to be paralyzed by fear to keep the company safe. They just have to understand what threats look like and how to stop them.
According to a PwC survey, just 26% of employees say they can report an incident without fear of reprisal. This status quo is deeply corrosive to the development of a healthy culture around cybersecurity, as it keeps managers and IT professionals in the dark about what’s happening at their own companies. Is it any wonder that employees who are afraid of retaliation if they’re honest about their mistakes are also inordinately worried about what they click on? Companies need to address both of these problems at once by making it clear that nobody will be punished if they inform a manager about a possible cyberattack, even if the employee submitting the report bears responsibility. 
While all employees have a responsibility to keep their organizations safe, there’s no reason this priority has to come at the expense of productivity. Here’s how companies can help promote safer habits that keep employees moving forward with confidence:

Lessons should always be constructive. Despite the immense damage they’re capable of causing, cybercriminals shouldn’t be presented as some kind of unstoppable force of nature – the last thing you want to do is convince employees that their efforts can’t make a difference.

Every story about cyberattacks should be accompanied by a concrete call to action. If a company’s network was breached by a phishing scheme, the lesson should address whichever attack vector was exploited and demonstrate how this could have been prevented. 

Employees should be reminded that nearly all breaches involve human error. But frame this fact as an opportunity to drastically reduce risk in a cost-effective and long-term way. This will make employees more confident in what they learn, decreasing the risk of cyberattacks and click paralysis at the same time. 

 Read Zack’s full piece on balancing security awareness and anxiety here.