Banks Struggling With ‘You Can’t Fix Stupid’ Problem

JPM to employees: "Don't be stupid, you moron!"

Looks legitimate.

It’s hard - and expensive - enough to build extra-strength cyber barn doors when all it takes is one employee posting a vacation photo or leaving an out-of-office message to swing those doors right open.

And it’s senseless to spend any time or treasure if one of your employees is going to just drop a USB drive full of sensitive, confidential information at a bar on Second Avenue.

At least with the last one, you’ve got a fighting chance. But what do you do about the vast, swirling pool of credulous gullibility that is one-fifth of your workforce other than give up and go home?

Weeks after J.P. Morgan Chase & Co. was hit with a massive data breach that exposed information from 76 million households, the country’s biggest bank by assets sent a fake phishing email as a test to its more than 250,000 employees. Roughly 20% of them clicked on it, according to people familiar with the email.

Banks Battle Staffers’ Vulnerability to Hacks [WSJ]