Recent research indicates that employees are responsible for a large percentage of cybersecurity incidents. Here are five ways they're causing vulnerabilities.
According to a 2017 Kaspersky Lab survey, employees are responsible for 46% of IT security incidents. That's good and bad news. The bad seems obvious. The good news is that you know where the problem is. So what are these human security holes doing?
Here are the top 5 human security risks:
1. Policy ignorance
If you don't know what the security policy is at your company you're less likely to follow it. Make sure people know what your policy is and are trained in how and why to follow it.
SEE: IT leader's guide to reducing insider security threats (Tech Pro Research)
2. Clicking on links
Even when they know the policy people sometimes get tricked. Clicking on a link, even one that looks safe, can be all malware needs to get inside your network. Educate employees about what to look for, and to be careful in general.
Yes, you shouldn't open that "hot picture" from a friend and be wary of Word and Excel attachments from unknown people or in weirldy-phrased emails. But also don't send sensitive documents as attachments where they can sit in less secure email accounts waiting to be discovered.
SEE: 10 ways to raise your users' cybersecurity IQ (free PDF) (TechRepublic)
4. Installing software
No matter how good your IT department is at locking down systems, there always seems to be someone or some way that programs get installed anyway. Usually malware. Make sure folks know why they shouldn't install outside software without being very sure of its trustworthiness.
5. Sharing passwords
I know. You'd be surprised. I've heard high-level execs tell subordinates, "Here, just use my password." No. Just don't. Also, make sure passwords are unique to the user so you can revoke them if they get leaked, or when the employee leaves the company.
By the way, before you send out a note to your staff, take a look in the mirror. Executives, HR leaders and finance specialists -- the people with the most access -- tend to be the most at risk.
- 27 ways to reduce insider security threats (free PDF) (TechRepublic)
- How IBM's new cyber tools use AI to make human security pros more effective (TechRepublic)
- Don't skimp on IT security training: 27% of employees fall prey to phishing attacks (TechRepublic)
- Your biggest threat is inside your organisation and probably didn't mean it (ZDNet)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)