Employee Cybersecurity Negligence a Risk

Employee cybersecurity negligence is still a major cause of risk for businesses.  Despite an increased emphasis on training people, human error and bad habits continue to endanger sensitive information.

Data Breaches on the Rise

Institutions of all types have seen a dramatic increase in the number of cyber attacks. This has been especially the case during the pandemic, with an increase in the number of people working remotely. These attacks are hitting every sector of business and government. While expensive for large enterprises, they can lead to the demise of small businesses.

Remote working has led to increased dependency on teleconferencing and working outside of facility-controlled Wi-Fi networks. In many cases, businesses have not put sufficient policies in place for remote access. Often this has resulted in inappropriate technologies being employed. As a result, meetings have been “zoombombed” and sensitive information has been exposed.

More Training Not Necessarily the Solution

Although it may seem counterintuitive, more training on cybersecurity best practices does not always lead to long-term changes in behavior. Many breaches are caused by actions most would recognize as unsafe. These include leaving a computer unlocked and unattended, connecting to unsecured Wi-Fi, falling for a phishing scam in an email, or sending emails with critical information to the wrong parties.

Generational Differences in Behaviors

Many might be tempted to conclude that millennials, having grown up with continual access to technology, would have a superior grasp of cybersecurity practices. However, millennials are often less concerned about sharing sensitive data. Additionally, because this generation is used to more instantaneous results, they will often fall back on long-ingrained shortcuts to get a job accomplished quickly, thereby bypassing security measures.

Older employees are often not as aware of current cyber threats or information security protocols and can be less likely to incorporate new procedures and protocols, again reverting to old habits.

Responding to Human Error and Negligence

While cyber criminals continue to develop increasingly sophisticated tools to accomplish their goals, relatively unsophisticated methods such as phishing remain extremely effective.  Phishing attacks prey upon human gullibility with fake emails and phony sites to gain access to sensitive information.

Effective data security, therefore, cannot be achieved with IT solutions alone. An antivirus program will probably not prevent all acts of employee negligence. When data security risks are realistically evaluated, the resulting question is not “what should we do if we are hacked?” but “what should we do when we are hacked?”

To develop effective data security plans, an organization requires an Information Security Management System (ISMS). CVG Strategy can help you develop an effective ISMS that is tailored to large corporations or small business owners. We specialize in ISO 27001 and NIST 800-171. We can also assist those working in the defense industry to achieve Cybersecurity Maturity Model Certification (CMMC).

An ISMS can help an organization realistically assess its employee cybersecurity negligence risks and develop appropriate policies to mitigate data breaches. It also provides mechanisms for creating incident response plans to address breaches when they occur. Furthermore, certification in an appropriate ISMS conveys to those you partner with your organization’s commitment to and diligence in data security.

Kevin Gholston
