As a business leader, chances are you’re already aware that your organisation operates in an environment of constant risk.
While that might sound dramatic, it’s true. With more devices interacting with corporate systems, exponential growth in enterprise data holdings and strong uptake of new and diverse applications, the modern workplace can be a cybersecurity minefield.
The average cost of a single cybercrime attack in Australia is estimated at $276,323 – an expense many businesses simply cannot afford to bear.
It is no surprise, then, that CISOs and executive teams are investing heavily in cybersecurity defences. However, some fall into the trap of overlooking their organisation’s biggest security vulnerability: employees.
Despite their best intentions, employees are often an organisation’s weakest link. Human error has been identified as a contributing factor in 95 percent of cybersecurity incidents, which underscores the importance of being vigilant about vulnerabilities within organisations as well as external threats.
Let’s take a closer look at how your employees could be compromising your cybersecurity.
1. Not Recognising Cyber Threats
Employees are a popular target for ransomware, phishing attacks and other forms of malware that seek to disrupt or access corporate systems.
Worryingly, malware attacks are getting more sophisticated by the day. The average internet user may struggle to distinguish a potential threat from a genuine email, to the extent that 97 percent of people can’t identify a sophisticated phishing email.
If malware gets through your entity’s firewall, it only takes one employee mistaking it for something legitimate to put your entire organisation at risk. Intelligent defences that scan for, detect and block malware have never been more important.
2. Poor Password Management
Using simple passwords, and re-using the same password across multiple platforms, continues to expose individuals and their workplaces to cybersecurity risk. This is particularly true in instances where multi-factor authentication and single sign-on are not enforced.
At the end of the day, a malicious actor only needs to gain access to one account to wreak havoc on corporate information, systems and business operations. Unfortunately, employees often don’t heed good password practices.
For example, a recent analysis of government and military passwords found that 50 percent of passwords could be cracked within two days, with the most common passwords being ‘123456’ and ‘password’.
Strong password policies that enforce regular password changes and prevent password re-use, as well as enforced multi-factor authentication and single sign-on, can go a long way in protecting company data.
3. Compromising Sensitive Information
With privileged access to company information, there are many ways employees can unintentionally enable or facilitate the unauthorised disclosure of data. Opportunities for unauthorised access can arise from seemingly harmless behaviours such as:
- Accessing or storing enterprise data on an unsecured device (e.g. a home computer, a personal mobile phone, or a personal cloud storage account)
- Leaving sensitive information unattended at a desk
- Working on sensitive data in a public place like an airport or coffee shop, while connected to public Wi-Fi
Strong device management policies – ranging from mobile device management to device autolocking and privacy screens – can provide protection.
4. Taking Advantage Of Weak Access Policies
Every organisation handles highly sensitive data such as personnel files, commercial information and financial records. Without appropriate controls in place, users may be able to perform a range of damaging actions such as storing copies, distributing sensitive information and amending or deleting records.
The problem is that monitoring data access can be challenging, especially in larger organisations. It’s easy to lose track of which employee needs access to which information, as well as details such as when a document was last accessed or edited.
As a general principle, employees should only have access to information and systems that are necessary for performing their role. Effective role-based access controls are routinely monitored and, importantly, updated when an employee has a change in role or leaves the organisation.
5. Sending Sensitive Information Via Unsecured Email
Whether businesses like it or not, employees regularly send sensitive data and information via email. While email can be the most efficient way to communicate, it can also expose organisations to commercial and personnel risk if an employee’s account is compromised.
Strong encryption is a critical capability to protect corporate data, email and systems from security breaches. Incorporating this additional security layer can prevent unauthorised access to email and data in the event of a lost device or cracked password.
Get Back In Control Of Your Enterprise Security
While there is no simple patch or security fix to overcome the cybersecurity risks posed by employees, there are measures organisations can take to reduce their exposure.
Teaching employees how to recognise, respond to and mitigate common cybersecurity threats is essential. Because the security landscape changes so quickly, this education should be ongoing – at least every few months.
Another way to minimise exposure to cybersecurity risks posed by employees is with technology. Microsoft Enterprise Mobility + Security (EMS), for example, is an intelligent mobility management and security platform that helps protect your organisation and empowers your employees to work in new and flexible ways.
Its benefits include:
- Single sign-on to any app or service from any device
- Secure access to company data from any device
- Integrated device and application management
- Document-level security
- Constant security monitoring
With advanced identity and access management, information protection and threat detection, EMS is one of your best defences against employee-related security risks. To find out more, contact Cloud Collective today.