Employees Remain the Weak Link in Your Company's Cybersecurity Plans

Larry Loeb, Author, 8/8/2018
Who's the biggest threat to your enterprise's security? It might be the guy or gal sitting right next to you. Your fellow employees are, unsurprisingly, the deadliest cybersecurity risk that organizations face today.

That's the finding of a new study released by Finn Partners Research, "Cybersecurity at Work." The report is based on questions sent to 500 full-time office employees across the US. The survey was completed in June, and the respondents held full-time positions in an office environment that had more than 100 employees.

For example, the study found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize. (See Email-Based Attacks Still Wreaking Havoc on Enterprises, Study Finds.)

Additionally, more than half of employees -- 55% -- are using their personal devices for work, thanks to the BYOD effect. This means an increased vulnerability to hackers, malware and data breaches because of the unsupervised environment of the devices. (See ISF: Balance Is Key to Mobile Security.)
Further illustrating poor practices, only 26% of the surveyed employees changed their login credentials and passwords for personal and work applications at least once a month.

Jeff Seedman, a senior partner at Finn Partners, noted in a statement:

"The fastest and easiest way for bad actors to gain access to sensitive organizational data is for employees to click on nefarious links -- we know that around 40 percent of our workforce is engaging in such behavior. While 31 percent of respondents have already been a victim of a breach or attack, the behavior patterns to elicit security breaches remain."

However, training by the IT and security departments to counter these behaviors is limited. In the survey, about 25% of respondents reported that they receive "cyber hygiene" training on a monthly basis from their IT team. This includes the updating of operating systems on devices, checking for security patches, as well as changing passwords. Another 29% report that they had quarterly training in this area, while 19% receive bi-annual training and 23% receive annual training.

Still, 93% of the respondents believe that their company takes adequate cybersecurity measures to protect their personal and corporate data. Amazingly, 94% of those surveyed believe they are doing their part in helping to keep their company's data secure.
Of course, what specifically counts as "their part" is up to the interpretation of whoever is evaluating it.

The report also asked respondents whether, if they were dissatisfied with their jobs, they would take the company's corporate security less seriously. Of those surveyed, 79% said no, 16% said yes, and 4% said they didn't know.

Employees also considered themselves at risk from a corporate cybersecurity standpoint. Specifically, 37% expressed that their biggest worry from a breach would be that their device would get a virus, as opposed to only 19% who worried most about leaking corporate data or the 19% who thought such a breach would cost the company a lot of money.

This report shows that employees need to be aggressively counseled about cybersecurity. Left to their own impulses, they can indulge in unsafe behaviors, perhaps abetted by the BYOD phenomenon.
— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
Copyright © 2019 Light Reading, part of Informa Tech, a division of Informa PLC. All rights reserved.