If a single click on a phishing email can ruin the entire company, the blame doesn’t lie with that individual.
28 points
*
In my time as a cybersecurity professional, my approach is always to blame the system, not the person.
If they clicked on a phishing link: 1) that email should never have reached their inbox, 2) that link should never have loaded, and 3) our awareness training is not up to snuff.