Overconfident employees: Your hidden cyber security threat? • Blisstech Solutions

Do you think your team needs security training, considering you trust them not to make mistakes?

They’re smart, capable, and they know better than to click on suspicious links or open unexpected attachments.

They already know that phishing emails are designed to appear trustworthy intentionally. To trick them into giving away sensitive data or downloading malicious software.

So, they’re not the type to fall for it.

At least, that’s what they think…

Here’s the problem: Just because someone’s confident they could spot a phishing attack, it doesn’t mean they can. It’s a false sense of security – and it’s exactly what cyber criminals count on.

New research has found that a huge 86% of employees believe they can confidently identify phishing emails… yet over half of them have fallen for some form of scam in the past.

Think about that for a second.

These are people who were aware of phishing, felt confident they wouldn’t be tricked, and yet still fell victim to it. That’s because cyber criminals aren’t just sending out the obvious “foreign prince” emails anymore. They’re using sophisticated tactics like:

  • Emails that look like they’re from your bank or suppliers.
  • Fake invoices that appear legitimate.
  • Messages that seem to come from your colleagues.

Because phishing scams have evolved, they’re much harder to spot. And when someone thinks they’re too smart to fall for one, that’s when they’re most at risk.

Overconfidence in cybersecurity is a classic case of the Dunning-Kruger effect – a psychological phenomenon where people tend to think they know more than they do.

What’s the problem with being too confident?

Well, when people believe they’re invincible to scams, they don’t take the necessary precautions. Instead of double-checking links or questioning unexpected emails, they just assume “I’d never fall for a scam” and carry on clicking. This is how cyber criminals end up accessing business systems and data.

So, what’s the good news?

You can lower the risk of getting hit by a phishing attack. But it starts with a shift in mindset. Instead of assuming your people know what they’re doing, make sure they’re properly informed. Regular phishing awareness training can make a massive difference, helping your staff to recognise newer and more subtle scams before it’s too late.

Training alone isn’t enough, though. Your employees also need to feel comfortable reporting anything suspicious; otherwise, they might remain quiet about a potential scam. And that gives cyber criminals the upper hand. Creating a workplace culture where security concerns are welcomed (not criticised) is just as important as education.

Cybersecurity isn’t about intelligence; it’s about vigilance. Even the most tech-savvy employee can be caught off guard by a well-crafted scam. The key is to assume a threat is real, remain cautious, and never rely solely on confidence.

The moment someone thinks “I’d never fall for that” is often the moment they do.

If you like to discuss how you can keep your business better protected from cyber threats, please get in touch.

More Content

A third of all data loss is caused by problems with backups

The lack of a reliable backup causes a third of all data loss

Your business data is backed up and recovery tools are in place. So, your data is safe, right? Sadly… not always. Here’s why we recommend backups are checked regularly..

How to use Browser Profiles thumbnail

Tech Tip: How to use browser profiles

This Tech Tip is on how to use web browser profiles. If you are a freelancer, virtual assistant, or just wear many hats in your job role, you probably have multiple different logins for the same application. As so many applications are web-based, we have to login to...
Professional woman at a laptop

6 ways to make your small business look professional

When you start out in business, one of the hardest things to do is find new clients.  Most customers will not buy from you unless they trust you, and trust usually comes from reputation.  But how do you gain people's trust if you are new and don't have much of a...
Beware this malware: It “annoys” you into handing over login details

Beware this malware: It “annoys” you into handing over login details

A sneaky new malware wants to annoy you into giving up your login details. It locks your browser in full screen mode, making you think you’re trapped… But you can easily escape and we’ll tell you how…

BEC attacks illustrated. Image of a hacker standing behind a computer looking menacing

Business Email Compromise (BEC) attacks are rising

Business Email Compromise (BEC) has emerged as a significant threat to businesses worldwide in recent years. As of March 2025, there has been a staggering 30% increase in BEC attacks. In late February 2025, Microsoft Defender identified nearly 2 million phishing...

Now AI can make your Teams meetings more productive

Microsoft Teams Meeting Recap will summarise your meetings and even make a list of the action points. We show you its other benefits

How to create secure passwords

How to create secure passwords

Weak passwords are one of the biggest security risks to your business.
Why?
Because cyber criminals are getting smarter than ever before. If they manage to crack just one password, they could gain access to your sensitive business data, financial information, or even gain control of your entire system.
Cyber criminals use automated tools to guess passwords, allowing them to try out millions of combinations in seconds. So, if you’re using something like “Password123” or “CompanyName2025”, you’re practically handing them the keys to your business.
A compromised password can lead to big issues, such as:
• Data breaches
• Financial losses
• Identity theft
• Reputation damage
But how do you create strong passwords without driving yourself (and your team) mad?
Think of your password like a secret recipe, where only you should know the ingredients. It should:
• Be at least 14 characters long (the longer, the better)
• Include a mix of uppercase and lowercase letters
• Contain a few numbers and symbols (like @, $, %, or &)
• Not contain any common words or easily guessable information (like birthdays, names, or the word “password”)
Instead of using a single word, you could try a passphrase – a short, random sentence that only you would understand. For example, instead of “Sailing2025”, try something like “Coffee&CloudsAreGreat9!”. This is much harder to crack, yet still easy to remember.
You should also steer clear of these common mistakes:
• Using personal info (your name, birthday, business name, etc.)
• Reusing the same passwords across multiple accounts
• Using simple sequences (“123456” or “abcdef”)
• Storing passwords in an easily accessible place (like a sticky note on your desk)
If remembering unique passwords for every account sounds impossible, there is another option: Password managers. These generate strong passwords, store them securely and autofill them for you.
With a password manager, you only need to remember one strong master password for the manager app itself. The rest are encrypted and stored safely, reducing the risk of data breaches.
Even the strongest password isn’t foolproof, which is why multi-factor authentication (MFA) is also important. MFA requires a second form of verification, like a one-time code sent to your phone or generated from an authentication app.
If you have employees accessing your business systems, it’s a good idea to have a password policy in place to explain your rules and why they’re important. This should include:
• Unique passwords for each system and account
• Regular security training on password best practices
• Business-wide use of MFA for critical systems
• Scanning for compromised passwords regularly
By making password security a priority, you can reduce the chances of a cyber attack creating a nightmare for your business.
And if you need help making your business more secure, get in touch.

Are your people Christmas shopping from work?

Almost half of people with social media accounts admit to falling for shopping scams. If your team are shopping at work, is your business protected?

Snip and Sketch video thumbnail

Tech Tip: How to use the Snip and Sketch tool

This is a Tech Tip on how to use the really handy Snip and Sketch Tool built into Windows. Who said that "a picture paints a thousand words"? I'll leave you to Google that one as I couldn't work it out! Anyway, there are times when an image is the best way to...
Laptop on a desk with a picture of a hand holding a globe

Get on top of this now if any of your staff are hybrid working

People are increasingly doing their work remotely and hybrid working has become the new norm. Despite the fact that it has been more than two years since many of us were forced to work from home, too many organisations still do not have the appropriate cyber security...
Share This
Contact
Love Lane
Cleobury Mortimer
Shropshire DY14 8PE

01299 382 321
[email protected]
Copyright © 2024 Blisstech Solution Ltd
Registered No: 08125391 VAT No : 307 5490 05