I think I'm a pretty technical guy. I'm fairly certain if my job was more dependent on email, I'd get phished eventually. If the IT department hasn't made a move towards using 2FA, it doesn't seem right to punish employees with termination.