Why are Employees a Cybersecurity Weakness?

Cybersecurity
Shannon Wilkinson
September 10, 2019

Many organizations think of cybersecurity as simply an IT function but in today’s business world, cybersecurity is everyone’s concern from the board down. Everybody has a responsibility to keep the organization safe and secure, not just the IT department, because nearly everyone has the ability to bring an organization to its knees by clicking on the wrong link or opening a malicious attachment. One of the biggest reasons for employees being a top cybersecurity risk is that they don’t know what they should and shouldn’t be doing.

In healthcare, 60% of breaches occurred due to employee negligence yet only 38% of healthcare employees are aware of their organization’s cybersecurity policies. And only 30% of employees report having received any cybersecurity awareness training. A 2018 ESET survey found that 33% of organizations don’t provide any cybersecurity training for their employees. If organizations do not take the time to inform their employees how to protect data and explain data protection policies, how can the business expect the employee to practice cybersecurity best practices?

Human Resources and Finance department employees need to be taught how to deal with phishing emails looking to steal employee information or fraudulent wire requests that seek to siphon funds to fake vendors or fake bank accounts. Verizon’s annual report found that 93 percent of successful data breaches are initiated through phishing attacks. Establishing internal controls of what employees should do when receiving such requests, such as seeking verbal confirmation for wires or data on employees, can go a long way to protect businesses from today’s common cyber threats.

And businesses don’t necessarily have to pay a lot for cybersecurity education for their employees. Many cybersecurity vendors like ESET provide online cybersecurity training at no cost. While these training courses are not all-inclusive or tailored for the business’ needs, they can be used as a starting point or supplement to training employees on cybersecurity awareness.

A one-and-done approach to cybersecurity education will not help protect the business as threats evolve, but taking an hour every quarter to inform employees about the latest cybersecurity threats they may face and how they can protect themselves and the business' customers can turn the business' greatest weakness, the human factor, into one of its best defenses.