When companies consider cyber security defenses, they often focus on the technological tools that can help them prevent data breaches and other kinds of malicious hacking. Granted, these tools are critical. For example, it's extremely helpful to use updated anti-malware software, firewalls, and two-factor authentication to better protect your network and accounts.
However, in focusing on purely technological defenses, companies may overlook a critical threat to cyber security: employee error.
According to a 2015 study from CompTIA, employee errors are at the root of roughly 52% of corporate security breaches. Employee errors that compromise your cyber security include the following:
• Careless Internet browsing and email use; for example, thoughtlessly downloading email attachments.
• An inclination to take online communications and websites at face value and quickly trust them.
• A failure to protect sensitive data; this includes sharing passwords, transferring confidential files over insecure connections, and neglecting to apply encryption.
• A lack of awareness about cyber security threats.
• Ignorance or negligence regarding your company's cyber security policies.
Any of these behaviors can expose you to a devastating cyber attack. For example, a quickness to trust people at face value can lead your company to fall victim to a successful phishing attack. Phishing is a common cyber crime that involves tricking someone into disclosing sensitive information. Recently, for instance, cyber criminals obtained employee tax records from a variety of organizations. One method involved sending an email supposedly from the company's CEO and requesting the information. Rather than double-checking the authenticity of the request, and remaining suspicious about a demand to send tax forms over email, employees complied.
Any organization, large or small, can fall victim to these attacks. Cyber criminals attempt to exploit every vulnerability in a company's IT configuration. And they can often count on human error to give them openings for an attack.
What can you do about these kinds of employee errors?
To begin with, your company needs to come up with a comprehensive cyber security plan that includes clear policies governing employee behavior in various IT scenarios. Whether it's transmitting files or using only approved applications for work, your employees should have guidelines and standards to follow.
However, as important as it is to devise comprehensive cyber security policies, those policies won't make much of a difference if employees neglect them. Their neglect will undermine any efforts you make to secure your data and network. For example, a recent article from Business Cloud News reports that "employee negligence and indifference" weaken security when companies rely on cloud-based programs.
How can you combat employee neglect? First, you must enforce your policies. If employees assume that their poor cyber habits won't result in lost privileges or other consequences, they won't have as much motivation to follow policies. At the same time, you shouldn't make them so afraid of punitive action that they fail to quickly report errors that compromise security and require a rapid response.
Having your employees undergo cyber training is an important step. Training should emphasize how cyber security is critical for a company's success and that employees can apply it at home to make their personal computing safer as well. Good training will lead to a deeper understanding of cyber security risks and the need to question online communications, protect data, and collaborate in efforts to keep your company secure.
Management should also model good cyber security habits to employees; when company executives don't appear to care about cyber security, employees won't concern themselves with it either. The key is to promote an overall culture in your company that stresses the importance of cyber security. Instead of leaving security solutions entirely in the hands of your IT personnel, make everyone a part of the solution. To further help your employees comply with security policies, you may have to change the way you carry out various business operations so that employees have an easier time following protocols.
Don't hesitate to contact us to further discuss cyber security solutions for your company. Cyber security should extend beyond purely technological tools and decisions made among IT personnel. It should instead become a central part of your company's culture.