Your Employees are Your Biggest Cybersecurity Threat

When it comes to cybersecurity, businesses have a lot to worry about, with the costs associated with protecting a network (or responding to failed attempts to protect your network) dominating these costs. While it is incredibly important to protect your business in any way possible, it is often not enough, and even the most careful companies fall victim to attacks.

According to the Federal Bureau of Investigation, cyberattacks increased about 400 percent between 2019 and 2020, hence the extreme focus on cybersecurity in recent years. Businesses in particular are at great risk, especially when factoring in how some employees have a blatant disregard for cybersecurity.

You can have the most secure systems in the world and they would still be vulnerable due to one or two employees handling network security in an improper way. This can be quite the frustration for IT staff. Here are some of the ways an employee might fail to keep their credentials secure and what you can do about it.

Employees as Attack Vectors

With the large shift to remote work over the past several years, the ways that many employees are going about their day has changed considerably, and so too has the way a business’ network is distributed. Unfortunately, those who don’t do everything they can to protect their organization’s network are often seen as ignorant or as a saboteur, even though the largest contributing factor to these issues with network security is, more or less, stress—something which is incredibly challenging to quantify, measure, and eliminate.

According to the Harvard Business Review, stress plays a significant role in how protected an organization remains against cyber attacks. The study found that two-of-three workers failed to stick to organizational cybersecurity policies at least once over the course of every 10 workdays. It was also found that employees simply ignore cybersecurity policies around five percent of the time. While it might seem inconsequential, consider the far-reaching impacts of major data breaches, and all of a sudden it is a very big deal.

We know what you’re thinking; why would an employee follow procedure most of the time, but not all of the time? The study found the following were direct indicators for why:

• “To better accomplish tasks for my job.”
• “To get something I needed.”
• “To help others get their work done.”

Around 85 percent of respondents claimed one of the above as the reason for their non-compliance, willingly putting their organizations on the line just for the sake of getting something done. Most people within a business are not hired for their cybersecurity know-how; they are hired for very specific job duties and responsibilities, and they might see that cybersecurity gets in the way of that purpose every so often. Only three percent of all these cases are true defiance or sabotage, so it’s hard to blame employees for simply wanting to do their jobs well.

Redefining the Importance of Cybersecurity

Most employees are going to prioritize productivity over security procedures, but they just can’t win when they could potentially be labeled as ignorant or negligent for deliberately trying to maintain productivity rather than prioritize security. The unfortunate truth is that most training platforms and policies do not take into account these gray areas, which is why it’s so important for employees to be involved in the development of cybersecurity policies. By taking employee feedback into account, you can ensure security while also guaranteeing that your team has access to what they need to be productive and successful in the workplace. Managers also must work to ensure that the members of their team know about cybersecurity expectations so they can work toward meeting them.

If your business would like some assistance with developing or implementing productivity-friendly security solutions, reach out to us at 216 397-4080.