On this blog we have discussed how cyber threats are increasingly changing the way organizations protect their company data. Hackers, phishing scams, ransomware and viruses are top of mind for many IT experts, but the top threat at most organizations may be much closer to home. Employee negligence and error are the number one cause of data breaches, and these breaches are usually accidental – not malicious.
A recent study revealed that 47% of surveyed businesses had experienced a data breach which happened due to employee negligence. These incidents involve over 1,000 small businesses in the United States annually, with an average cost of $3.9 million. That dollar amount is at a level which would (and does) ruin many small business operations – not only due to loss of revenue but because of a loss of credibility with current and future customers. The good news is that your employees are a variable which is largely under your control. Unlike criminals who hide and operate in the shadows, you can train employees as needed and monitor their activities to a large extent.
Avoiding Employee Negligence
The study identified a number of employee activities which commonly lead to breaches. These bad habits of employees include:
- Computers left unattended or unlocked, allowing unauthorized personnel to access information, accounts or networks otherwise protected.
- Writing important or sensitive information down on paper and not securing the information.
- Working remotely, whether at home or on a public network, where an unsecured Wi-Fi connection permits unauthorized people to gain access.
Because of the recent pandemic, more companies have adopted a business model involving a remote workforce. The benefits of flexibility and lower overhead, however, are offset by the possibility of more employees working on unsecured networks. Even before the stay-at-home orders, many companies were learning to embrace this new way of operating.
However, experts agree that most companies do not have an adequate policy in place to protect against data breaches in this new world. (Read about creating Work-from-Home Guidelines.)
How to Train Employees
Employee negligence may be a troubling trend, but preparing your employees and training them properly can go a long way towards protecting your business data and networks. According to experts, there are many ways to do so:
- Develop a comprehensive employee handbook with guidelines to address both cybersecurity and physical security. Be sure to have bi-annual review sessions to make sure all employees are educated.
- Conduct regular training opportunities throughout the year. A one-time session or even annual class is not enough to ensure that your employees are up to date and reminded about your security protocols. Consider a monthly lunch-and-learn or similar time to review policies with all employees.
- Put a clean desk policy in place, meaning that all documents must be secured and computers locked before employees leave their workspace.
- Set up a policy for disposing of old flash drives and hard drives. You may wish to have your IT department or managed services company accept these drives when an employee is getting ready to dispose of them. In this way, you can be sure that sensitive data is properly handled.
- Train employees extensively on proper protocols for accessing business or personal data on public networks. Provide every remote employee with a VPN, and train them on phishing or email scams. Remember that most employees will access their email from a phone while at home, unless you set up the network differently.
- Designate a procedure for reporting possible breaches, scams or threats.
Most employee negligence is not malicious, but can be just as damaging as an external attack. The experts at Alliance IT are here to help you set up your remote workforce safely in order to best protect your organization. Call us today for a technical assessment.