Are Corporate Employees That Fall For Scams – Victims Or Negligent?
An Analysis of the Consequences of Being Scammed in the Corporate Context
Primary Category: Editorial/Commentary
Author:
• Tim McGuinness, Ph.D. – Anthropologist, Scientist, Director of the Society of Citizens Against Relationship Scams Inc.
About This Article
A conversation with a leading cybersecurity training company highlighted the prevalent belief that employees responsible for cybersecurity breaches are reckless and negligent. However, this perspective can harm organizational security by creating fear and inhibiting employees from actively participating in remediation efforts.
Recognizing employees as victims of sophisticated social engineering tactics rather than as culprits can foster a more supportive environment, leading to better prevention and recovery from cyberattacks.
It is essential for companies to provide proper education on social engineering, offer compassionate support post-incident, and engage employees collaboratively in cybersecurity efforts to enhance overall security and reduce trauma.
Are Corporate Employees That Fall For Scams – Victims or Negligent? How Employers Treat Their Employees After A Scam Matters!
Originally Published September 1, 2020
In a recent conversation with a leading cybersecurity training company, we explored the predominant notion that employees who fail to follow corporate policies and procedures, that lead to cybersecurity breaches are reckless, negligent, and at fault.
Increasingly, we have seen that companies are holding their employees financially responsible for mistakes that allow for cyberattacks getting through defenses, such as phishing scams, business email compromise scams, ransomware attacks, etc.
Is this view correct?
Or is it, in fact, decreasing security by forcing employees to be fearful of cybersecurity as a threat to their own well-being and employment?
I am a Director of the largest cybercrime victims’ assistance organization called SCARS (www.AgainstScams.org) and I would argue that everyone that falls for scams – either personally or in a corporate context are victims, and deserving of consideration as victims.
Additionally, I would argue that companies that fail to recognize this fact are undermining their own efforts to create a more secure environment.
Far too often corporate cybersecurity policy-makers devise policies that attempt to impose liability on their own employees for their failures. Such liability can include sanctions from loss of employment to severe financial liabilities. In fact, in recent years we have seen companies suing their own employees for BEC scam losses.
Blaming the victim is never a way to stop incidents from happening.
The reality is every employee is just a human being and in the case of scams, social engineering and manipulation are far more powerful than individuals in most cases. Policies that fail to recognize this are doomed to failure. No one can simply mandate perfection under threat from their employers. It just does not work.
Boards across all industries must recognize that their employees are not the problem, though they are a vulnerability. And when they are attacked they are victims every bit as much as the business or institution itself. By recognizing this simple fact, organizations can begin to better understand that they and their employees are unified in their inherent vulnerabilities and can address them more collaboratively, instead of an imposition from the top down.
This is important, not only from a prevention perspective but especially during the mitigation of an attack in progress. If employees feel that they will be targeted by their employer for cybersecurity breaches, they are less likely to actively participate in remediation during an attack, and in fact, may hide essential evidence in an effort to protect themselves or claim they were not involved. It may result in employees being more likely to cover up incidents and not involve cybersecurity specialists immediately when time is of the essence. This costs critical time when it is needed most. It also creates an “every man for themself” mentality, instead of an “all for one” approach.
Post-incident we see all too often that the employees involved in these incidents are condemned by other employees and management, defamed, and even potentially referred to corporate legal for action. This creates a climate of fear following cyber incidents instead of focusing everyone’s attention on future prevention. It can also significantly traumatize employees causing loss of future effectiveness and eventual departure from the organization.
Human beings will always be vulnerable to social engineering and manipulation – all of us are.
Developing protective behaviors against it takes more than a policy and a couple of hours of mediocre training on the subject.
It is necessary that employees be shown how social engineering and manipulation actually work on them, their friends, their families, and societies. With an understanding of the real mechanics, employees become empowered to see their vulnerabilities clearly and are much more willing to adopt new defensive behaviors. This removes the climate of cyber-fear and replaces it with a shared comprehension of the need for unity and mutual support. Every employee will make mistakes, and instead of focusing on blame, every organization should recognize this as a fact.
Organizations need to recognize that their employees are every bit as much a victim when these attacks occur as the organization itself. When companies can make this leap to recognize this, then they can truly take a giant step towards full sharing of responsibility for prevention, mitigation, and post-incident recovery.
They must also recognize that employees, as victims, also need help after an incident.
Cybercrimes traumatize their victims, in some cases profoundly, and just like with physical crimes employees can be in need of professional support. However, the anticipatory fear that organizations impose on their employees through their policies and threats of financial or other liability only adds to the trauma after the fact. Human Resource departments need to be part of these conversations and recognize that like any crime victim, cybercrime victims need and deserve compassion and support and not condemnation and accusations. Not only because of the trauma imposed by truly reckless accusations but also because this creates a hostile working environment that can bring the liability back onto the company itself.
Our organization understands the fundamentals of cybercrime victims and strives to expand the role of victim support in all aspects of post-cybercrime remediation. This notion of an employee as a victim too is far from obvious for most of the corporate world. However, by adopting this posture, enterprises can better obtain the cooperation of employees in identifying vulnerabilities, better mitigating the damage from attacks, and reducing the traumatic impact on the organization and its employees. All of which leads to a more secure environment.
We welcome the opportunity to share this view and are open to helping organizations better understand it. Businesses and institutions are welcome to contact our nonprofit about how we can help you better understand the psychological impact of scams and how empowering your employees to be part of the solution instead of being viewed as the problem – this will help them achieve better, stronger, and more robust cybersecurity.
Our mission is to support scam victims whenever and wherever we can.
We hope that you can understand this shift in view and can find ways to internalize it in your own organizations. We are here to help.
Learn more
To learn more about scam victim blaming visit www.EndScamVictimBlaming.org
Please Rate This Article
Please Leave Us Your Comment
Also, tell us of any topics we might have missed.
Thank you for your comment. You may receive an email to follow up. We never share your data with marketers.
Recent Reader Comments
- on Conflict Avoidance and Its Role in Scam Victims: Before, During, and After the Scam – 2024: “Valuable tips for those avoiding conflict, of which I am one.” Dec 18, 12:08
- on Applying Beyond Order by Jordan Peterson to the Scam Victim’s Journey Through Recovery – 2024: “I really appreciated the contents of this article as I have adopted many of these principles into my recovery. Sometimes…” Dec 16, 02:10
- on Three Pillars of Happiness for Scam Victims-Survivors – 2024: “Edit- paragraph: DONE” Dec 15, 18:49
- on Motivational Denial – Recovery Psychology – 2023: “Recovery is indeed hard and this article gives an insight of the harm of motivational denial and how to avoid…” Dec 15, 18:41
- on Motivational Denial – Recovery Psychology – 2023: “Recovery is indeed hard and this article gives an insight of the harm of motivational denial and how to avoid…” Dec 15, 18:40
- on The Importance of Goal Setting for Scam Victims in Recovery – 2024: “It is really important to identify and set goals in the recovery journey, and this article is very helpful.” Dec 15, 12:08
- on Scam Victims & Mental Health Blaming: “I agree that when you don’t know the complexity of scams and their effects in the victims is what gives…” Dec 14, 12:34
- on Scam Victims Use Work To Avoid Healing: “I relied on work after the scam. Actually I was already overloaded with work, I had trouble setting boundaries and…” Dec 11, 09:48
- on Talking to Dead People through AI (Artificial Intelligence) – 2024: “De algún modo utilizar este recurso para traer de vuelta a un ser querido que ya murió.. es una forma…” Dec 11, 01:32
- on Scam Victim Resistance In Support Groups Therapy Or Counseling Can Destroy Opportunities For Recovery – 2024: “Learning about not only the scammers tactics but our vulnerabilities that enabled the crime really helps to address and diminish…” Dec 11, 00:03
Did you find this article useful?
If you did, please help the SCARS Institute to continue helping Scam Victims to become Survivors.
Your gift helps us continue our work and help more scam victims to find the path to recovery!
You can give at donate.AgainstScams.org
Important Information for New Scam Victims
- Please visit www.ScamVictimsSupport.org – a SCARS Website for New Scam Victims & Sextortion Victims
- SCARS Institute now offers a free recovery program at www.SCARSeducation.org
- Please visit www.ScamPsychology.org – to more fully understand the psychological concepts involved in scams and scam victim recovery
If you are looking for local trauma counselors please visit counseling.AgainstScams.org or join SCARS for our counseling/therapy benefit: membership.AgainstScams.org
If you need to speak with someone now, you can dial 988 or find phone numbers for crisis hotlines all around the world here: www.opencounseling.com/suicide-hotlines
A Question of Trust
At the SCARS Institute, we invite you to do your own research on the topics we speak about and publish, Our team investigates the subject being discussed, especially when it comes to understanding the scam victims-survivors experience. You can do Google searches but in many cases, you will have to wade through scientific papers and studies. However, remember that biases and perspectives matter and influence the outcome. Regardless, we encourage you to explore these topics as thoroughly as you can for your own awareness.
Statement About Victim Blaming
Some of our articles discuss various aspects of victims. This is both about better understanding victims (the science of victimology) and their behaviors and psychology. This helps us to educate victims/survivors about why these crimes happened and to not blame themselves, better develop recovery programs, and to help victims avoid scams in the future. At times this may sound like blaming the victim, but it does not blame scam victims, we are simply explaining the hows and whys of the experience victims have.
These articles, about the Psychology of Scams or Victim Psychology – meaning that all humans have psychological or cognitive characteristics in common that can either be exploited or work against us – help us all to understand the unique challenges victims face before, during, and after scams, fraud, or cybercrimes. These sometimes talk about some of the vulnerabilities the scammers exploit. Victims rarely have control of them or are even aware of them, until something like a scam happens and then they can learn how their mind works and how to overcome these mechanisms.
Articles like these help victims and others understand these processes and how to help prevent them from being exploited again or to help them recover more easily by understanding their post-scam behaviors. Learn more about the Psychology of Scams at www.ScamPsychology.org
SCARS Resources:
- Getting Started: ScamVictimsSupport.org
- FREE enrollment in the SCARS Institute training programs for scam victims SCARSeducation.org
- For New Victims of Relationship Scams newvictim.AgainstScams.org
- Subscribe to SCARS Newsletter newsletter.againstscams.org
- Sign up for SCARS professional support & recovery groups, visit support.AgainstScams.org
- Find competent trauma counselors or therapists, visit counseling.AgainstScams.org
- Become a SCARS Member and get free counseling benefits, visit membership.AgainstScams.org
- Report each and every crime, learn how to at reporting.AgainstScams.org
- Learn more about Scams & Scammers at RomanceScamsNOW.com and ScamsNOW.com
- Learn more about the Psychology of Scams and Scam Victims: ScamPsychology.org
- Self-Help Books for Scam Victims are at shop.AgainstScams.org
- Worldwide Crisis Hotlines: International Suicide Hotlines – OpenCounseling : OpenCounseling
- Campaign To End Scam Victim Blaming – 2024 (scamsnow.com)
Psychology Disclaimer:
All articles about psychology and the human brain on this website are for information & education only
The information provided in this and other SCARS articles are intended for educational and self-help purposes only and should not be construed as a substitute for professional therapy or counseling.
Note about Mindfulness: Mindfulness practices have the potential to create psychological distress for some individuals. Please consult a mental health professional or experienced meditation instructor for guidance should you encounter difficulties.
While any self-help techniques outlined herein may be beneficial for scam victims seeking to recover from their experience and move towards recovery, it is important to consult with a qualified mental health professional before initiating any course of action. Each individual’s experience and needs are unique, and what works for one person may not be suitable for another.
Additionally, any approach may not be appropriate for individuals with certain pre-existing mental health conditions or trauma histories. It is advisable to seek guidance from a licensed therapist or counselor who can provide personalized support, guidance, and treatment tailored to your specific needs.
If you are experiencing significant distress or emotional difficulties related to a scam or other traumatic event, please consult your doctor or mental health provider for appropriate care and support.
Also read our SCARS Institute Statement about Professional Care for Scam Victims – click here
If you are in crisis, feeling desperate, or in despair please call 988 or your local crisis hotline.
-/ 30 /-
What do you think about this?
Please share your thoughts in a comment below!
More ScamsNOW.com Articles
SCARS LINKS: AgainstScams.org RomanceScamsNOW.com ContraEstafas.org ScammerPhotos.com Anyscam.com ScamsNOW.com
reporting.AgainstScams.org support.AgainstScams.org membership.AgainstScams.org donate.AgainstScams.org shop.AgainstScams.org
youtube.AgainstScams.org linkedin.AgainstScams.org facebook.AgainstScams.org
Leave a Reply