Research from Kaspersky Lab, The Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within, has discovered that negligent employees contributed to 46% of cyber incidents in 2017.
The study surveyed 5,000 companies from around the world to investigate how employees’ actions affect businesses and increase their vulnerabilities.
- 57% of businesses ‘now assume’ that their IT security will be compromised
- 52% believe that their employees are the biggest weakness because of careless actions
- 47% identified ‘inappropriate sharing of data via mobile devices’ as their greatest fear, closely followed by ‘physical loss of mobile devices exposing the organisation to risk’ (46%)
- 54% of businesses admitted experiencing data exposure because of employees losing devices
- 28% of businesses have lost confidential employee/customer data as a direct result of irresponsible employees, and 25% confessed to losing payment information
- 44% of companies admitted that their employees do not follow IT security policies correctly. Despite this, only 26% of organisations plan to take action to properly enforce them
Some of these findings are particularly troubling, especially the fact that businesses are aware that their employees do not follow IT security policies. It’s an accident waiting to happen.
IT security policies are in place for a reason and employees should be aware of them and their purpose. With cyber security threats becoming more sophisticated, organisations need to be more prepared than ever or risk the consequences.
The other findings show the vast extent to which employees are harming their organisations because of carelessness and irresponsible actions. Significant improvements need to be made.
No matter how prepared an organisation thinks it is, its employees will always be a wildcard. Employees’ tendency to expose data, their inability to create safe passwords, and other similar weaknesses mean that organisations must help them follow best practice as much as possible. Don’t let your staff be your downfall.
Investing in staff education is important, but it must provide them with the confidence needed to deal with threats appropriately.
Vladimir Zapolyansky, head of SMB business at Kaspersky Lab, said:
The issue of unaware staff can be a major challenge to overcome, especially for smaller businesses where a cyber security culture is still being developed. Not only can employees themselves fall victim to cyberthreats, but they are also obliged to guard their company from those threats in the first place. In this regard, businesses should pay attention to educating staff and introducing easy to use and manage, but still powerful solutions that make this achievable for those who are not experts in IT security.
Staff awareness training can help tackle insider threats by making sure that staff who have access to sensitive data have the correct knowledge and understanding of information security, as well as being aware of the consequences and risks.
With data breaches becoming more of an everyday occurrence, it’s more important than ever to make sure that employees are aware of internal security policies and procedures, as well as information security best practice.
Reduce your security risk exposure with staff awareness training
Implementing a comprehensive staff awareness training programme will give employees a clear understanding of their compliance requirements, your organisation’s security policies and procedures, and information security best practice to reduce preventable mistakes. Even basic training has the potential to prevent security incidents.
In order to increase employee awareness cost-effectively and with minimal disruption, e-learning courses are often a preferred method. E-learning course topics include phishing, information security and the GDPR.