But there's something about a cute cat photo that gets people to put some of that caution aside and go ahead and click.
After all, what could be more innocuous?
That's a big problem for companies, because most breaches don't come from hacker masterminds, but from silly or thoughtless mistakes by employees.
According to the Wall Street Journal's Geoff Fowler, companies are trying to catch employees in the act to teach them better habits.
Virginia based PhishMe is hired by companies to do just that, sending photos of a cute cat named "Dr. Zaius" trying to trick people into clicking into an attachment promising more photos. Those that fall for it get warned by the tech department.
Aaron Higbee, who co-founded the company, is the owner of the cat featured, and masterminded the email.
Ryan Jones of Chicago-based
So next time you see an email promising adorable animal pictures, make sure it's from a trusted source, or better yet, skip it all together, especially when on a work computer.
It may seem like something of a sideshow compared to mandating good passwords or encrypting data, but it's something businesses need to account for. For all of the airtight enterprise technology and multiple levels of security, the hardest thing to guard against is employee carelessness.
It's relatively rare for an employee to create a security breach with malicious intent. But it's pretty easy to click an attachment without thinking too hard about it.