Finance boss at Insignia Financial says staff should be SACKED if they click on suspicious work emails

A boss of a major finance firm says workers should be fired if they’re caught clicking on spam emails too many times.

Frank Lombardo, Chief Operating and Technology Officer at Insignia Financial, said companies increase their chances of being subjected to a major hack if staff are not aware of the risks. 

He said employees who repeatedly fail security tests, such as clicking on fraudulent emails, should potentially cost workers their jobs. 

‘You need to recognise that if you’ve done everything that you can and if there’s a weakness, and if it’s at that human level and the human just isn’t getting it, then you do need to take the appropriate action,’ Mr Lombardo told the Australian Financial Review. 

‘It may even lead to performance management and exiting individuals who are just not getting it,’ he said. 

Mr Lombardo said it’s all part of educating workplaces on their preparedness against hackers and other forms of online criminal activity. 

He said he tests his staff almost every day by sending out emails designed to mimic hackers and forms of dodgy emails. 

It’s an exercise that gives experts like Mr Lombardo an idea of who is likely to click on emails and other forms of phishing attacks. 

Phishing is a form of online hack which tricks users of electronic devices such as phones and computers to click on a link and download software. 

It then allows hackers to gain access to users’ personal information.  

Hackers often target workplaces’ email addresses to get access to personal information of employees, and have conducted a spate of cyber attacks on several major Australian companies. 

In 2022, hackers stole the private data of 30,000 current and former staff of Telstra. 

Almost 10 million Aussies had their personal data stolen, when a hacker infiltrated the systems of telco giant Optus and raided the details of its current and former customers, in a separate attack. 

Around the same number of Aussies also had their data breached, after Russian hackers accessed the personal information of current and former customers from insurer Medibank. 

Westpac Group Chief Information Security Officer Richard Johnson said these types of breaches are the biggest threats facing companies. 

‘For the average employee of an organisation, the single biggest threat they’re likely to face on any day is going to be in their inbox – something that might have slipped through multiple layers of defence,’ Mr Johnson told the newspaper. 

He said staff at Westpac get at least one phishing email a month and if workers click on that email, another is directed towards the employee to see if they click again.

Some staff may then have their internet access restricted if they cannot recognise a fraudulent email. 

Experts say the best defence against hacks is staff buying into cybersecurity preparedness by being aware of potential threats, rather than companies relying on a build up in security technologies. 

The latest report by competition watchdog ACCC estimated Aussies lost more than $3billion in a range of online and digital scams in 2022 alone. 

More than $24million was lost to phishing scams.