Who poses the biggest threat to your business’ cybersecurity? Is it the thief above or a competitor looking to sabotage? Or could it be one of your employees? None come with a warning, I’m afraid. You need employee cybersecurity training. Employees and cybersecurity go hand in hand.
The EasyJet cyberattack made big headlines, as do all attacks on blue-chip companies. But it still happens to smaller businesses – it’s just not published! It’s made worse by home working, which we’re all doing more of.
Every business needs to set up defenses.
One thing often overlooked is the insider threat: employees. They don’t do it on purpose (well, not generally), but they nevertheless represent a significant risk to your business.
An insider threat is defined as: “the cyber risk posed to an organisation due to the behaviour of its employees.”
Most employees do not plan subterfuge; the majority of internal threats are unintentional, often born of carelessness or negligence. A 2019 IBM Cost of Data Breach survey revealed that 24% of all data breaches in the past five years were the result of negligent employees (or contractors who have access to your systems).
Human error in cybersecurity threats
Human error thrives in the workplace. We’re distracted with multi-tasking or in a rush to handle last-minute projects. Sometimes employees aren’t trained properly to handle data or simply aren’t aware of the dangers and cautions surrounding breaches. In an Insider Data Breach report, 60% of executives stated that they felt the major cause of internal breaches was employees who made mistakes while rushing to complete tasks. Another 44% cited a lack of general awareness as the second primary reason, and 36% cited a lack of training for their business’ security tools.
The Insider Data Breach Report also surveyed the mentality behind unintentional breaches from the employees’ perspective: 48% of staff felt they facilitated a breach when in a rush; 30% cited a high-pressure environment, and 29% stated they were tired.
Ways employees present cybersecurity risks
- Lose company mobile devices, such as laptops and phones
- Don’t password-protect devices or encrypt sensitive files
- Access data and business systems through unsecured WiFi connections
- Store passwords on computers or mobile devices
- Use weak passwords or one password for all access points
- Open suspicious emails or click on infected links
- Access company data on personal devices that don’t have antivirus software or firewalls
- Accidentally send information to the wrong person
- And, of course, click on rogue emails
Because insiders can cause substantial inadvertent cyber incidents, your business must apply just as much effort to your internal security as you do for external threats.
Tips for preventing information security data theft
- Educate employees on cybersecurity best practices through Security Awareness Training
- Require strong passwords for all devices used to access company networks
- Require file encryption
- Make two-factor authentication mandatory
- Do not permit network access on unsecured WiFi connections
However, following these tactics isn’t a complete security strategy. Penntech IT Solutions can bolster your security framework. We can develop a full-spectrum plan that addresses often-overlooked internal vulnerabilities with automated monitoring and daily alerts of suspicious activity. We can show you how to guard against the threats from within.