Your network may be protected from external threats, but is it protected from your own employees? Employees remain the leading cyber security threat for organizations of all sizes and industries. From malicious insiders to negligent users, employees account for the vast majority of data breaches and security events. In this post, we take a look at four different ways in which your employees endanger your organization’s cyber security.
1. Employees Just Want to Get Their Work Done
Employees will create security workarounds, use potentially vulnerable third-party applications, and share information recklessly simply because they want to get their job done. Issues often arise when a system designed to improve security creates a roadblock to productivity. For instance, employees may find logging into a file sharing suite too cumbersome and instead begin saving sensitive files to their desktop.
2. Employees Often Don't Understand the Security Risk
Because employees are concentrating on their work, they often don't think about the potential security issues they are creating. Employees must be appropriately trained on the importance of security and how certain actions can impair security. Actions such as using personal email accounts for confidential data can be so ubiquitous that employees may not think twice.
3. Employees Are Susceptible to Social Engineering
Social engineering is one of the most insidious of all cyber security threats, primarily because it's so simple. Many employees will give an individual confidential information if they simply call and claim to be from tech support. Employees have to be knowledgeable about the risks of social engineering, or it becomes extremely easy for them to compromise their data. Phishing attempts are another area of social engineering that is commonly successful. Today there are special security suites designed to detect phishing attempts before they are ever delivered.
4. Employees Make Mistakes
Most employee issues are caused not through malicious or intentional actions but through simple negligence. As long as a system relies upon the employee to keep it secure, there will be mistakes. Employees may forget to password-protect documents, write passwords down, or fail to encrypt information that they should. The only way a company can address this is by reducing the steps that employees need to take to maintain system security.
Cyber security needs to be addressed on all levels of an organization for training to be effective. Nevertheless, there will always be mistakes. Employee training alone cannot counter the cyber security threat presented by employees. Monitored and managed IT services can provide a line of defense against potentially malicious or negligent actions, identifying suspicious activity and mitigating threats before they become an issue.