Overconfident employees: Your hidden cyber security threat? • Blisstech Solutions

Do you think your team needs security training, considering you trust them not to make mistakes?

They’re smart, capable, and they know better than to click on suspicious links or open unexpected attachments.

They already know that phishing emails are intentionally designed to appear trustworthy, to trick them into giving away sensitive data or downloading malicious software.

So, they’re not the type to fall for it.

At least, that’s what they think…

Here’s the problem: Just because someone’s confident they could spot a phishing attack, it doesn’t mean they can. It’s a false sense of security – and it’s exactly what cyber criminals count on.

New research has found that a huge 86% of employees believe they can confidently identify phishing emails… yet over half of them have fallen for some form of scam in the past.

Think about that for a second.

These are people who were aware of phishing, felt confident they wouldn’t be tricked, and yet still fell victim to it. That’s because cyber criminals aren’t just sending out the obvious “foreign prince” emails anymore. They’re using sophisticated tactics like:

  • Emails that look like they’re from your bank or suppliers.
  • Fake invoices that appear legitimate.
  • Messages that seem to come from your colleagues.

Because phishing scams have evolved, they’re much harder to spot. And when someone thinks they’re too smart to fall for one, that’s when they’re most at risk.

Overconfidence in cybersecurity is a classic case of the Dunning-Kruger effect – a psychological phenomenon where people tend to think they know more than they do.

What’s the problem with being too confident?

Well, when people believe they’re invincible to scams, they don’t take the necessary precautions. Instead of double-checking links or questioning unexpected emails, they just assume “I’d never fall for a scam” and carry on clicking. This is how cyber criminals end up accessing business systems and data.

So, what’s the good news?

You can lower the risk of getting hit by a phishing attack. But it starts with a shift in mindset. Instead of assuming your people know what they’re doing, make sure they’re properly informed. Regular phishing awareness training can make a massive difference, helping your staff to recognise newer and more subtle scams before it’s too late.

Training alone isn’t enough, though. Your employees also need to feel comfortable reporting anything suspicious; otherwise, they might remain quiet about a potential scam. And that gives cyber criminals the upper hand. Creating a workplace culture where security concerns are welcomed (not criticised) is just as important as education.

Cybersecurity isn’t about intelligence; it’s about vigilance. Even the most tech-savvy employee can be caught off guard by a well-crafted scam. The key is to assume a threat is real, remain cautious, and never rely solely on confidence.

The moment someone thinks “I’d never fall for that” is often the moment they do.

If you’d like to discuss how you can keep your business better protected from cyber threats, please get in touch.

How to create secure passwords

Weak passwords are one of the biggest security risks to your business.

Why?

Because cyber criminals are getting smarter than ever before. If they manage to crack just one password, they could gain access to your sensitive business data, financial information, or even gain control of your entire system.

Cyber criminals use automated tools to guess passwords, allowing them to try out millions of combinations in seconds. So, if you’re using something like “Password123” or “CompanyName2025”, you’re practically handing them the keys to your business.

A compromised password can lead to big issues, such as:

  • Data breaches
  • Financial losses
  • Identity theft
  • Reputation damage

But how do you create strong passwords without driving yourself (and your team) mad?

Think of your password like a secret recipe, where only you should know the ingredients. It should:

  • Be at least 14 characters long (the longer, the better)
  • Include a mix of uppercase and lowercase letters
  • Contain a few numbers and symbols (like @, $, %, or &)
  • Not contain any common words or easily guessable information (like birthdays, names, or the word “password”)

Instead of using a single word, you could try a passphrase – a short, random sentence that only you would understand. For example, instead of “Sailing2025”, try something like “Coffee&CloudsAreGreat9!”. This is much harder to crack, yet still easy to remember.

You should also steer clear of these common mistakes:

  • Using personal info (your name, birthday, business name, etc.)
  • Reusing the same passwords across multiple accounts
  • Using simple sequences (“123456” or “abcdef”)
  • Storing passwords in an easily accessible place (like a sticky note on your desk)
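
The criteria and common mistakes listed above can be checked automatically when a password is set. The following is an added example, not code from Blisstech; the function names, the small denylist and the result labels are constructed for illustration, and the look-alike character mapping goes slightly beyond the list by also catching substitutions such as “P@ssw0rd”.

```python
import string

MIN_LENGTH = 14  # minimum length given in the list above
# Constructed sample denylist; a real deployment would load a much larger one.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein", "admin"}
# Look-alike substitutions people use to disguise a common word.
LOOKALIKES = str.maketrans({"@": "a", "0": "o", "$": "s", "1": "i", "3": "e"})


def normalise(text):
    """Lower-case and undo look-alike substitutions so 'P@ssw0rd' reads 'password'."""
    return text.lower().translate(LOOKALIKES)


def has_simple_sequence(password, run=4):
    """True if `run` consecutive characters ascend or descend, e.g. '1234' or 'dcba'."""
    s = password.lower()
    for i in range(len(s) - run + 1):
        window = s[i:i + run]
        steps = {ord(b) - ord(a) for a, b in zip(window, window[1:])}
        if window.isalnum() and steps in ({1}, {-1}):
            return True
    return False


def policy_violations(password, personal_info=()):
    """Return the list of rules the password breaks (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if not (any(c.isupper() for c in password)
            and any(c.islower() for c in password)):
        problems.append("no_mixed_case")
    if not any(c.isdigit() for c in password):
        problems.append("no_digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no_symbol")
    flat = normalise(password)
    if any(word in flat for word in COMMON_WORDS):
        problems.append("common_word")
    # personal_info: names, business name, birthdays supplied by the caller
    if any(normalise(item) in flat for item in personal_info if item):
        problems.append("personal_info")
    if has_simple_sequence(password):
        problems.append("simple_sequence")
    return problems


if __name__ == "__main__":
    for pw in ("Password123", "Sailing2025", "Coffee&CloudsAreGreat9!"):
        print(pw, policy_violations(pw))
```
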

If remembering unique passwords for every account sounds impossible, there is another option: password managers. These generate strong passwords, store them securely and autofill them for you.

With a password manager, you only need to remember one strong master password for the manager app itself. The rest are encrypted and stored safely, reducing the risk of data breaches.

Even the strongest password isn’t foolproof, which is why multi-factor authentication (MFA) is also important. MFA requires a second form of verification, like a one-time code sent to your phone or generated from an authentication app.

If you have employees accessing your business systems, it’s a good idea to have a password policy in place to explain your rules and why they’re important. This should include:

  • Unique passwords for each system and account
  • Regular security training on password best practices
  • Business-wide use of MFA for critical systems
  • Scanning for compromised passwords regularly

By making password security a priority, you can reduce the chances of a cyber attack creating a nightmare for your business.

And if you need help making your business more secure, get in touch.

Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
Copyright © Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05