It’s Not the Tech That Fails — It’s the People
You can have the strongest passwords, the fanciest firewalls, and antivirus software that costs more than your car insurance — but all it takes is one person to click the wrong thing, and boom. Game over.
In cybersecurity, the biggest vulnerability isn’t the system — it’s the human operating it. Whether it’s carelessness, confusion, or someone just having “one of those days,” human error is the root cause behind a huge chunk of cyber incidents.
That’s why this workshop isn’t about blaming Karen… okay, maybe it is a little — but mostly, it’s about learning from her.
Real Talk: People Are Click-Happy
Studies have shown that over 90% of cyber attacks start with human error. That’s clicking a bad link, downloading a sketchy file, trusting a dodgy email, or sending sensitive info to someone pretending to be the boss.
Common human slip-ups:
Clicking phishing emails because they “looked official”
Reusing the same weak password everywhere
Leaving devices unlocked or unattended
Writing passwords on sticky notes
Falling for fake tech support calls
Oversharing on social media (yes, Karen, your dog’s name is your password, isn’t it?)
Even smart people mess up — because the attack methods are designed to manipulate emotions. Fear, urgency, curiosity… that’s what phishing plays on.
Why Do We Keep Falling For It?
It’s not because we’re daft. It’s because:
We trust too easily — especially if something looks legit
We’re in a rush — and security feels like a hassle
We don’t think we’re targets — “Why would anyone hack me?”
We don’t know what to look for — and attackers exploit that
This is exactly what cybercriminals bank on. They don’t need to hack in — they just wait for you to let them in.
The Psychology of the Con
Phishing scams, in particular, rely on social engineering — that’s manipulating people into doing something they wouldn’t normally do. It’s less about code and more about clever lies.
Common tricks:
Urgent messages from “the bank” or “IT support”
Emails pretending to be your boss needing “a quick favour”
Fake login pages that look almost real
Messages designed to cause panic (like “Your account will be closed”)
These aren’t always obvious. Many phishing emails look exactly like real ones. And in a fast-paced work environment, people rarely double-check before clicking.
Karen’s Story: A Totally Made-Up But Completely Believable Incident
Let’s paint the picture.
Karen works in admin. She gets an email saying the company’s Microsoft licence has expired and she must log in immediately to reactivate it — or lose access. It looks real. The logo’s there. The link says “microsoft-support-verify-login.com”, which has “microsoft” in the name but is not a Microsoft domain. She clicks it, logs in, and moves on.
A few hours later, IT detects suspicious logins from Russia. Company data has been accessed. And nobody can find Karen because she’s on lunch.
It wasn’t malicious. It wasn’t stupidity. It was a moment of trust… and that’s all it took.
The Fix? Awareness, Not Shame
We don’t need to scare people — we need to train them. Cybersecurity awareness isn’t about turning everyone into an IT expert. It’s about:
Teaching people to pause and check before clicking
Knowing what a phishing email looks like
Using multi-factor authentication (so a stolen password isn’t enough)
Encouraging reporting without fear when someone makes a mistake
Keeping software and systems up to date
And yes — calling out Karen with love, so she doesn’t do it again.
Final Thought
We love Karen. But she’s also the reason we lock our digital doors twice.
Cybersecurity is everyone’s responsibility, not just IT’s job. A single mistake can bring down an entire company — or expose your personal data to the wrong hands. But a bit of education goes a long way.
So if you ever get an email saying “Click here urgently to secure your account”…
Stop. Breathe. Ask yourself: Would Karen click this?
If the answer’s yes… maybe don’t.