Studies have shown that data breaches can be traced back to employees of an organization. It is important to note, however, that employees who cause these data breaches can be categorized into three types:
1. The unintentional insider
This type of employee causes a data breach through unintentional actions such as:
a. Accidentally disclosing sensitive information on the internet (e.g. on a website, social media or missent to the wrong party)
b. Clicking on URLs in emails (phishing attack)
c. Inappropriate or accidental disposal of documents and other physical records
d. Losing mobile devices (e.g. smartphones, laptops, etc.) that contain sensitive information
2. The careless employee
These are individuals who simply ignore security warnings. In 2013, Google commissioned researchers to study internet user behavior. The research showed that 25 million SSL warnings on Chrome were ignored 70.2 percent of the time. This was partly because of the users’ lack of technical knowledge. As a result, Google simplified the language that it uses in the browser’s warnings.
3. The employee with malicious intent
These are the individuals who intentionally steal sensitive information for their use (e.g. credit card details, passwords, etc.). In many cases, these are disgruntled former employees who feel that they have to take revenge on their employers for a perceived injustice.
What steps should organizations do to prevent employees from causing data breaches?
1. Do due diligence on background checks
Background checks are a normal part of the hiring process. If you want to know more about an applicant, you need to contact his or her former employers. Sometimes, a simple Google check can reveal important information about a person.
2. Building trust with employees
If you want your employees to do excellent work or to surpass your expectations, you should earn their trust. How? Instead of just giving out orders, ask questions. Give honest feedback. Deliver on your promises (e.g. a bonus or raise for excellent performance). Admit when you make mistakes. Do not ask employees to do something that you will not do yourself.
When your employees trust you, they tend to be happier and more willing to provide excellent work for an organization. Additionally, they will not want to do anything that will harm the company.
3. Educate Your Employees on Cyber Security
According to Michael Kaiser, executive director of the National Cyber Security Alliance, “It is imperative for organizations of all sizes to instill among employees the critical role they play in keeping their workplace safe and secure.”
Kaiser made this comment after the Dell End-User Security Survey 2017 found that “72% of employees are willing to share sensitive, confidential or regulated information.” The survey showed that in most cases, the employees concerned did not have malicious motives. They were just “trying to do their jobs as efficiently and effectively as possible.”
Kaiser explained that educating employees on cybersecurity does not mean having your workers attend seminars but “making security a collaborative, continuous cultural initiative.”
4. Cybersecurity requires team effort
It is important to remember that all employees play a crucial role in cybersecurity. To help remind your employees of good practices regarding cybersecurity, you need to share this checklist:
a. Instruct your employees to use unique complex passwords for each account they handle. Passwords should never be shared among accounts.
b. Limit the use of shared accounts among employees. In cases where having shared accounts is necessary (e.g. an admin account), instruct employees to use additional authentication methods to distinguish each user.
c. Using two-factor authentication can help prevent data breaches. This is often ignored but it can protect accounts because users need to use a security token or an additional device to complete authorization.
5. Maximize cybersecurity tools to make access easier
It is impossible to monitor all employees who access the system all of the time. Organizations need to have cybersecurity tools in place to help your workforce prevent data breaches from taking place. Some important security tools that a company needs are:
a. Antivirus software
All computer systems should have antivirus software installed. This is, of course, standard operating procedure for organizations. Today, there are several antivirus software available on the market. Here are some of the popular antivirus software in 2017.
Invest in a firewall as this will monitor all of your organization’s network traffic. It is not 100% foolproof but it can help filter out certain threats and is capable of blocking some sites that it detects as harmful for users to visit.
c. Password manager
As stated earlier, using strong passwords is important. Changing passwords regularly (e.g. every year or every 6 months) can also add another layer of security. However, it can be difficult to keep everything organized in a company, especially if you have a large workforce. Fortunately, there are password managers available for practically all types of operating system.
d. VPN (Virtual Private Network)
A VPN is a secure and private solution where your network traffic is encrypted so that outsiders cannot see what is going on in your organization’s computers. Choose from VPN providers who can help you.
6. Train employees
Having the latest hardware and software for your organization is not enough. Having cybersecurity experts address security issues is not enough. Employees should also be trained by these experts on how to avoid data breaches. They need to know about phishing and other ways cybercriminals can access data without their knowledge.
Make it a point to go over new updates regularly and follow up on how your employees are handling cybersecurity. Sometimes, encouraging them to ask questions may help identify potential problems in the system.
All organizations are prone to cyber attacks. It is only logical to secure your first line of defense – your employees.
This is a Security Bloggers Network syndicated blog post authored by Press Release. Read the original post at: News and Views – Netswitch Technology Management