Malware may be on every IT professional’s radar, but inattentive or poorly educated employees are among the biggest threats to business cyber security, according to research recently published by security firm Kaspersky.
The company recently interviewed 5000 businesses, with findings indicating 46 per cent of cyber security breaches were caused by internal error. The statistic is second only to malware, but not by much.
So how do you educate employees in the battle to keep security threats at bay?
After the recent WannaCry ransomware epidemic, Kaspersky took it upon itself to look deeper into the human factor behind cyber threats, and according to the report the results are “astounding”.
• 57 per cent of businesses believe their security will be compromised.
• 52 per cent of businesses believe they are vulnerable to threats from within, admitting employees were likely to be their weakest link.
• In 46 per cent of cyber security breaches within the past year, careless or uninformed staff contributed to the event.
• In 30 per cent of security breaches, the attacks were deemed malicious, with staff actively working against their own employers.
• In 40 per cent of incidents, staff hid what had occurred.
Meanwhile, businesses also attributed much of the threat to mobile devices, naming them as their top fear when it came to potential security breaches.
The report found:
• 47 per cent of businesses worried about inappropriate sharing via mobile devices.
• 46 per cent were concerned about physical loss of mobile devices, thereby exposing the organisation to risk.
• 43 per cent of enterprises were concerned about inappropriate use of IT resources leading to threats.
The findings paint a picture of businesses being seriously concerned about their IT security in a landscape where employees may be indifferent to the threat, or could even hide a possible breach.
So how should businesses encourage better employee practice?
Protecting your enterprise from within
There are a number of ways businesses can better educate their employees about cyber security threats and protect their enterprise from within. These include:
Many businesses have IT security policies, but they are often complex, poorly worded and have not been brought to the attention of staff.
Ensure your staff are made aware of current policies regarding IT usage including any guidelines for bringing and using their own device.
These policies should encourage the reporting of a possible breach, and if you have policies in place, enforce them.
Just as staff have regular workplace health and safety training, they should be clearly and regularly trained on cyber security, including the best practices to mitigate threats, current trends and issues, and what to do if a breach occurs.
Solid security setup
Education may be a major component, but threats can also be mitigated by adequate and updated security for applications and infrastructure.
This includes auditing existing infrastructure for risk, ensuring security protocols are up to scratch, and actively preventing cyber security breaches and unauthorised access.