When we think of cybersecurity risks, often the first thing that pops into our heads is the threats we face from hackers. However, based on a survey from the Ponemon Institute the reality is that the most significant threat to information security isn’t from hackers, but from our own employees.
Our employees are our biggest cybersecurity risk
According to their report, “The biggest problem identified in this year’s research is the negligent or careless employee with multiple mobile devices using commercial cloud apps and working outside the office.”
Negligent employees pose an even bigger risk to our data security than external threats. Most of the data breaches identified in this survey were “internal and unintentionally caused by employees who were negligent, careless, or ignored security policies.”
“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” said Larry Ponemon, chairman of the research firm, in a recent interview. “Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22% since the first survey.”
Organizations should consider an effective workforce education strategy to equip their staff to become human firewalls.
Endpoint security threats
The biggest threats to endpoint security identified in the survey were:
- Negligent or careless employees who do not follow security policies – 78%
- Personal devices connected to the network (BYOD) – 68%
- Employees’ use of commercial cloud applications in the workplace – 66%
Other findings in the survey that are of interest:
- The number of employees and others using multiple mobile devices in the workplace has increased – 65%
- The number of insecure mobile devices used in the workplace has increased significantly – 45%
- Malware infections are more stealthy and difficult to detect – 45%
- More employees are working offsite and using insecure WiFi connections – 38%
Unfortunately, an information security team can’t simply install an appliance to solve this behavior. However, they can educate staff with solutions like KnowBe4 to raise awareness of security policies and the associated risks if they’re ignored.
Preventing an employee-caused data breach can be incredibly difficult. But there are several ways to get a better handle on the issue:
Routine reminders and training can go a long way to assure that everyone understands that information security is everybody’s responsibility. Make sure everyone is familiar with the basics.
- What are the established security policies, and that
- Removable storage devices (USBs, disks, etc.) are easily lost or stolen.
- Emails containing sensitive data should be encrypted so if they’re sent to the wrong person they remain protected, and
- Third-party file-sharing and storage websites (Dropbox, Google Drive, etc.) are not secure.
Assess the risk
Identifying data storage and distribution practices is the first step to uncovering any vulnerabilities that could exist.
- Have there been any breaches in the past? If so, what were the causes?
- How confidential files are typically transferred and stored?
- What are the common practices for accessing mobile information?
Regularly review regulatory compliance requirements
Many organizations are required to audit and report on their data security initiatives to remain compliant. As security tools mature there is the opportunity to implement routine security health checks on people, processes, and technologies.
Secure and manage data in motion
Data that is being transferred is at risk of being lost, stolen, or otherwise compromised from internal breaches and human error. The security team must implement systems that can effectively secure and manage data in motion. Transparency is important. Visibility into what was sent, how it was sent, to whom it was sent, and who accessed it is imperative.
Data security will always be a priority. Whether the risk is internal or external, diligence is required. If you would like to find out how Mainstream can equip your employees to protect your information, please click here.
Mainstream Technologies is a Little Rock, AR IT firm with offices in Conway and Bentonville, AR. Mainstream creates, manages, and secures technology for clients in both the private and public sectors across the country. We offer software development services, managed IT services, data center services, and cybersecurity solutions,