Are Employees Your Weakest Link When It Comes To Security?

In security, the “human factor” is the bit we can’t account for.  Your technology could have every fail-safe, every safety feature and yet a lack of employee education could instantly compromise all of that.

So just how much of a threat are your employees?  Well, when IBM carried out the 2016 Cyber Security Intelligence Index, it found 60% of all attacks were carried out by insiders.  It’s not just ineptitude or human error either.  Cyber crime is a huge growth area and cyber criminals aren’t just lingering in a locked room on the dark web – they could be suited and booted and sitting right there in your office.

There are so many types of cyber crimes that threaten businesses.  From an activist who deliberately leaks data, to a disgruntled employee who sells a story to the press – you also need to be aware of malicious employees working with hackers or fraudsters too, supplying passwords, sensitive data or releasing malware into your system.  The human factor in all of this is unpredictable, after all.

So how can you turn your biggest threat into your biggest opportunity?

By putting security training at the heart of business development among your employees, and effectively training them to fight against an attack.  It's no easy feat but put yourself in your employees’ shoes: isn’t it much nicer to be invested in, trusted and involved in the security of your organisation?

My advice, don’t perceive employees as a threat – educate them about how they can become a “shield” against cyber crime. If you’re unsure where to start here are three easy ways to get started:

Start the process from the top down: The lines of communication need to be as strong between the security department and the management board as they are between IT and employees. Make briefings a diarised appointment and ensure management are fully briefed on the risks facing your organisation , the potential implications, and how employees can help be part of the solution.  Leading by example cannot be underestimated, so people will be inspired to take security seriously if they see the management board doing so too.

Encrypt everything: Use two factor authentication as standard, and put users into security groups according to their ability and expertise.  A one size approach doesn’t fit all in training terms so it’s important those with a better understanding aren’t talked down to, and those with more to learn are given the tools they need to understand why taking an active role in cyber security is so important.

Talk in terms of “shield” not “threat”: Be positive right from the start and don’t talk down to employees - you should have faith in them, and encourage them to take an interested in shielding the business from threats.  Yes, the risks are real, but inspiring staff is much more successful than demeaning them. You can incentivise through rewards and create ambassadors to promote your goals for you – stakeholder management is a great technique to use.
Teaching your employees to be more cyber aware is a skill for life, so make the training relatable to them and their everyday lives.  If people believe learning something new is good not only for you, as their employer, but for them, and their families, you’ll get a serious level of buy in and find your employees can quite easily become your biggest asset.

Jane Frankland is a cyber security expert and Managing Director of Cyber Security Capital, which helps cyber security professionals to develop their careers or build their businesses. She is passionate about helping to increase the numbers of women in cyber security and has authored a book - In Security: How a failure to attract and retain women in cyber security is making us all less safe.

First pubished on Dropbox Business Blog:

 

 

« London Conference: Protecting Critical Infrastructure
Trump Administration's Policy On Cybersecurity »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

Vintegris

Vintegris

Vintegris are a Certification Authority and manufacturer of innovative systems and applications for the full cycle of digital identity.

Digital Innovation Hub Slovenia (DIH)

Digital Innovation Hub Slovenia (DIH)

DIH Slovenia is a central hub providing services to grow digital competencies in areas including robotics, IoT, cyberphysical systems and cybersecurity.

Information Technology Industry Development Agency (ITIDA)

Information Technology Industry Development Agency (ITIDA)

ITIDA has two broad goals: building the capacities of Egypt’s local information and communications technology (ICT) industry and attracting foreign direct investments to boost the ICT sector.

Balbix

Balbix

Balbix BreachControl™ is the industry’s first system to leverage specialized AI to provide comprehensive and continuous predictive assessment of breach risk.

DeepCyber

DeepCyber

DeepCyber supports its customers, with an “intelligence-driven” approach, to improve their proactive detection and response "capability" of cyber threats.

CyberSaint Security

CyberSaint Security

CyberSaint’s CyberStrong Platform empowers organizations to implement automated, intelligent cybersecurity compliance and risk management.

Cryptyk

Cryptyk

CRYPTYK CLOUD is the first complete enterprise-class cloud security solution that includes cloud storage and broad protection against all external and internal threats.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

Maintel

Maintel

Maintel provides cloud and managed communications services. We help our customers to deliver exceptional customer experiences, and to securely access their applications and their data.

Sonet.io

Sonet.io

Sonet.io is built for IT leaders that want a great experience for their remote workers, while enhancing security and observability.

Cytek

Cytek

Cytek is a leading provider of cybersecurity and HIPAA compliance for dental practices and other industries.

MyTurn Career LLC

MyTurn Career LLC

Looking for a rewarding career in cybersecurity? Explore a wide range of cybersecurity jobs and opportunities in this rapidly evolving field.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.

Synergy ECP

Synergy ECP

Synergy ECP has a talented, dedicated staff to provide a broad range of services to the defense and intelligence industries.