When an employee signs a policy, they acknowledge that they have read and understood the document, but is that really the case? It turns out the answer is no.
A recent study from Kaspersky says that 46% of cybersecurity incidents in the last year have been due to careless actions by uninformed staff. It may not be intentional. In fact, they may not even know they are putting the business at risk, but the fact is that 52% of businesses believe they are at risk from within their own walls.
What Can Be Done?
Training. Training. And more training. Making sure there are policies in place that are easy to understand (we can help you with that) is a great first step, but there needs to be regular follow-up training with employees.
This applies not just to new hires: veteran employees who might be stuck in their ways have to be aware of the risks that come with not being able to identify a potential attack. Awareness training for every team member is essential for them to be able to recognize evolving cyber attacks.
Of the 49% of businesses that experienced a virus or malware attack, 53% consider careless/uninformed employees a top factor. Teaching employees to be more cautious when opening unexpected emails can reduce the risk of falling victim to a phishing scam.
Honesty is a Virtue
According to 40% of businesses around the world, employees hide an incident when it happens, instead of reporting it. This is obviously the complete opposite of what should be done when a breach occurs.
It’s not best practice for any employee, of any company, to hide an attack. Open and honest communication in the work environment should make employees feel like they must come forward to the Security Team when an incident takes place.
Don’t wait for an incident to occur before action is taken. It’s better to have your ducks in a row, and your data protected, than to be a sitting duck vulnerable to an attack.