Why are Employees a Cybersecurity Weakness?

Many organizations think of cybersecurity as simply an IT function, but in today’s business world cybersecurity is everyone’s concern, from the board down. Everybody has a responsibility to keep the organization safe and secure, not just the IT department, because nearly everyone has the ability to bring an organization to its knees by clicking on the wrong link or opening a malicious attachment. One of the biggest reasons employees are a top cybersecurity risk is that they don’t know what they should and shouldn’t be doing.

In healthcare, 60% of breaches occurred due to employee negligence, yet only 38% of healthcare employees are aware of their organization’s cybersecurity policies. And only 30% of employees report having received any cybersecurity awareness training. A 2018 ESET survey found that 33% of organizations don’t provide any cybersecurity training for their employees. If organizations do not take the time to tell their employees how to protect data and to explain data protection policies, how can the business expect employees to follow cybersecurity best practices?

Human Resources and Finance department employees need to be taught how to deal with phishing emails that try to steal employee information and with fraudulent wire requests that seek to siphon funds to fake vendors or fake bank accounts. Verizon’s annual report found that 93 percent of successful data breaches are initiated through phishing attacks. Establishing internal controls for what employees should do when they receive such requests, such as seeking verbal confirmation of wire requests or of requests for employee data, can go a long way to protect businesses from today’s common cyber threats.

And businesses don’t necessarily have to pay a lot for cybersecurity education for their employees. Many cybersecurity vendors like ESET provide online cybersecurity training at no cost. While these training courses are not all-inclusive or tailored to the business’s needs, they can be used as a starting point for, or a supplement to, employee cybersecurity awareness training.

A one-and-done approach to cybersecurity education will not help protect the business as threats evolve. But taking an hour every quarter to inform employees about the latest cybersecurity threats they may face, and how they can protect themselves and the business’s customers, can turn the business’s greatest weakness, the human factor, into one of its best defenses.