A new story by Grid describes the actions that some companies take when employees click on a phishing link.

A favorite action? Firing that employee.

One company, the article describes, had a three strikes and you're out policy for phishing attempts. It happens in all industries and in companies of all sizes. 

Some companies have put up signs in the office saying which employee fell for a phishing attack.

Or consider this story: A Scottish company sued and fired an employee who mistakenly gave money to a fraudster. (The employee didn't have to end up paying what would've been the equivalent of $117,000.)

The idea of these tactics is to scare employees into not clicking on phishing links.

But phishing emails can be incredibly convincing and tough to stop. What about clicking on an URL that doesn't detonate until after it's clicked? Whose fault is that?

There's a better way: Prevent phishing emails from reaching the inbox in the first place. No one clicks on links; no one gets fired.

It's a win-win.