Despite increasing global investments in cyber security solutions and services, cyber criminals are still able to inflict huge financial losses on businesses. According to Cybersecurity Ventures, businesses will lose about $6 trillion to cyber crime by 2021. Therefore, there is certainly something that organizations are missing out on.
Employees Contribute to Nearly Half the Risks
Cyber criminals are known to exploit the weakest links in the security fabric of an organization. And, going by the latest Kaspersky Lab and B2B International study, it is the employees that contribute to more than half (52%) of the cyber security risks that businesses face. Organizations are increasingly becoming aware of the threats that arise from within in the form of careless or negligent employees.
According to the study, the top three concerns that organizations have regarding their employees are: sharing inappropriate data via mobile devices (47%), physical loss of the mobile device (46%), and use of inappropriate IT resources (44%). These concerns become even more serious for small and medium businesses (SMBs), whose cyber security policies are either lacking or flexible. Also, SMBs focus more on business growth than on cyber security, making them more vulnerable to cyber threats.
Employee negligence – whether intentional or unintentional – is a serious cyber security loophole that can lead to bigger disasters such as data breaches. Therefore, it is in the interest of organizations to ensure that their employees are adequately educated about their security policies. Besides human error, disgruntled employees also constitute a big chunk of internal threats. The Kaspersky study mentioned above reveals that 30% of the cyber security events in the last twelve months were caused by the malicious activities of employees working against their employers.
Educate, Sensitize, Train
Organizations are up against a big challenge when it comes to sensitizing employees on cyber security. Organizations must conduct regular training sessions and mock drills so that employees are regularly informed about security best practices, such as not opening links from unsolicited or unknown senders. In addition, employees must be educated about the various forms of cyber attacks, especially phishing, social engineering, and email impersonation, so that they are aware of the modus operandi and are able to exercise adequate caution.
The Last Word
Employees are the first line of defense for any organization. Therefore, an educated, empowered, and of course happy workforce can strengthen over 50% of an organization’s cyber security posture – that’s half the battle won already.
The article has been written by Neetu Katyal, Content and Marketing Consultant