Employees - A Company's Greatest Cybersecurity Strength or Weakest Link

Tesla, the electric vehicle company owned by well-known billionaire, Elon Musk, encountered a data breach which impacted employees of the company in May of this year. The breach, which resulted in personally identifiable information – including names, phone numbers, addresses, employment history, and even the Social Security numbers – for over 75,000 employees being leaked, has recently been found to be the result of “insider wrongdoing”, according to a new data breach notice filed by Tesla in August. 

The electric vehicle giant found that two former employees “misappropriated the information in violation of Tesla’s IT security and data protection policies and shared it with a media outlet.” The German media outlet in question, Handelsbatt, informed Tesla on May 10th that they had received information from an informant at Tesla who had shared with them a total of 100GB of data. 

This breach is just one example of how employees, or in this case, former employees, can be one of the largest threats to a company when it comes to cybersecurity. In this instance, the data leak was the result of disgruntled employees who had left Tesla purposely handing over information that they took from the employer -- it was a malicious, intentional occurrence. However, even well-meaning, loyal employees can be a cyber risk if they are not provided with the proper tools for cybersecurity success. In fact, a Stanford University study found that 88% of data breaches are caused by employee error. It is important to know how to empower employees with the skills necessary so that they go from being a potential cybersecurity weakest link, to the company’s greatest cybersecurity asset.

Provide Employee Education

As a manager or business owner, it is important that you ensure that you set your employees up to succeed - not only in their daily operations for the role which they were hired to complete, but in every aspect of their interactions with the company. Cybersecurity training should be thought of by employers as being as fundamental as all of the onboarding training. Regular follow-up training can assist employees further by keeping the learning materials they see fresh and up-to-date. Some companies go one step further and conduct random fake phishing “attacks” where the internal IT team will send an example phishing email to employees to see who catches it. Consistent exposure to cybersecurity knowledge can help your employees approach their work with safety as second nature. This alone will significantly reduce the likelihood of human error causing cybersecurity issues.

Utilize Multi-Factor Authentication

MFA, or multi-factor authentication, is among the best, most simple steps an employee can take that greatly enhances their cybersecurity defenses without much effort. With MFA, a one-time passcode is sent to a linked account, such as a phone number or email address provided when the account was made. This extra step which adds maybe a minute to the login process adds a layer of protection in the event of a data breach, as the employee has added yet another element necessary to access accounts.

Focus on Strong Password Hygiene

In the same vein as MFA, the utilization of strong password hygiene is key to success in all areas of life when it comes to cybersecurity. Be sure employees use unique, complex passwords for each account necessary for their job to be done. Encourage employees who are concerned about remembering so many passwords to use secure password managers, which are often free! Set an example for others by implementing strong password use from management on down.

Physically Protect Devices

Whether employees are on-site, working from home, or a little bit of both, it is crucial that work devices themselves are protected. This includes not only implementing practices such as updating software on a regular basis, but also ensuring simple things like locking the computer when the employee steps away. Storing devices associated with work in secure locations and not leaving them out where they are more likely to be taken or accessed by someone other than the employee is a basic step that can really enhance the individual cybersecurity practices of an employee, resulting in a more secure business.

When Unsure, Ask Questions 

Life is about learning, and asking questions is one of the best ways to learn. Ensure employees have a clear contact with whom they can feel safe asking any question, however “dumb” it may seem (though we know there are no stupid questions when it comes to cybersecurity!). Having a dedicated resource – whether an internal IT team or an external cyber professional – can help employees feel empowered to ask questions about anything they are unsure of or to help address anything that seems a little fishy. Keep an open dialogue about expectations and emerging threats or vulnerabilities so that your employees can be knowledgeable and aware when navigating their work. 

Yes, it is true that some employees can be a company’s weakest cybersecurity link, however, if you set them up for success and educate them on cyber risks, vulnerabilities, and provide them with the tools necessary to get their work done in a secure manner, workers can be your greatest cybersecurity asset.

‍

Image by Freepik. 

‍