It’s hard for us to remember irregular habits, like spotting threats. It’s much easier to remember procedures you do every day or even weekly.

This goes to why employees need more “safe, regular practice” at spotting threats:

The procedures we learn to do on a daily basis become automatic. These are the tasks of our jobs. We know them well.

Most of us can spot a routine “spam” message as we do our daily email. But when an attacker creates a believable pretext, they create an exception to our normal habit.

Unless we set aside specific time on a regular basis to do email or handle voicemails, each unexpected inquiry is an event that interrupts us from the task we were focusing on. This is when attackers create situations that “short circuit” our normal habits for detecting threats by using emotional triggers.

Security awareness paradox

It’s been a “super-fantastic” experience to see people learning and talking about security threats.

For just $325 USD, you can run a 6 week, automated program for gamified phishing awareness training and challenges.  (Limited time offer. Normally valued at $999 USD)

Use Promo Code: 6WEEKS

    I once heard a sales coach responding to a class attendee about why a certain line of questioning works. The student had commented that, “These questions are so obvious that the prospect will spot them and will shut down”. The coach then proceeded to ask a series of questions to the prospect that led him into a trap, which he absolutely was not able to spot. The rest of the class was laughing as they realized the trap and the student wasn’t spotting it himself.

    This is how effective social engineers work.

    Without practicing spotting the subtle techniques used by attackers in a safe environment, we have a hard time spotting a suspicious message.

    So, before you get frustrated with employees who fail to spot what looks like an obvious attack, put yourself in their shoes, with all their tasks and habits.

    If you don’t give employees a continuous program of exercising good cyber hygiene, in a way that builds their confidence, they will be susceptible to being tricked.


    Scott Wright is CEO of Click Armor, the gamified simulation platform that helps businesses avoid breaches by engaging employees to improve their proficiency in making decisions for cyber security risk and corporate compliance. He has over 20 years of cyber security coaching experience and was creator of the Honey Stick Project for Smartphones as a demonstration in measuring human vulnerabilities.

    Cyber Security

    Phishing Defense

    Phishing threatens businesses and opens the door to ransomware. Fight phishing and spear phishing attacks with gamified learning.

    Social Engineering Defense

    Social engineering scams are a serious hazard to businesses. Fight back with Click Armor.

    Cyber Security Awareness for Remote Workers

    Home-based workers are vulnerable to cyber attacks. Build team immunity today.

    Privacy and Compliance

    PCI Compliance Awareness

    When team members work in an environment where they may encounter cardholder data, they need to know what to do to protect it.

    Gamified HIPAA Compliance Awareness

    If your business is a supplier to a healthcare provider in the USA or Canada, your team needs to know what to do to protect Protected Health information (PHI).

    Gamified Learning Platform

    Active Awareness Platform

    Experience the power of tailored gamified learning with Click Armor. Take your security awareness training to the next level.