If GDPR has got you thinking about anything, it should have you thinking about your security culture.
A security culture is vital for protecting your business against online threats, because believe it or not, your employees are your biggest risk.
A study carried out by law firm BakerHostetler found that 37 percent of all security incidents were the result of employee negligence. Theft accounted for a further 22 percent, while malware and phishing caused 14 and 11 percent of incidents respectively.
What does this data show? That employees are your weakest link when it comes to security.
But why? Well, lack of education and awareness is an obvious factor. But before you launch into full-blown cybersecurity training programmes (which you should, eventually) you should first take a look at how your staff are working. Or rather, how you’re allowing them to work.
Adapt or die
These days, employees expect mobility and modern working practices. They expect to be able to work from home, on the road and remotely. They want cross-platform access to company systems and data to allow them to do their jobs efficiently, at any time. And here’s the thing: whether you enable it or not, your employees will find a way to work the way they want to. This can include bypassing processes and security safeguards, and working through unregulated channels. That’s a problem.
The threat of data leaks via unmanaged devices is huge. Unregulated access to company data and unmanaged devices pose a big data breach risk. You need to make sure you know where your data is, who is accessing it, and when. And you need to roll out proper remote working practices that take into account security, access control, and education.
Consider a BYOD (Bring Your Own Device) policy and look at Mobile Device Management (MDM) software such as Microsoft EM+S, with features such as Multi-Factor Authentication (MFA), conditional access and Advanced Threat Detection to mitigate risk, secure sensitive information and keep your data – and your business – safe.
Organisations that fail to adjust to modern workplace needs are far more likely to experience data breaches. Don’t risk it.
Education is key
Let’s talk about education.
Training and awareness are vital for getting employees to understand the responsibility they hold in keeping your business – their place of work – secure. Of course, organisations must have the most up-to-date and strongest security systems in place, but this will be a wasted investment if you don’t also train your staff.
Are your employees aware of exactly how much damage a security breach can cause to an organisation? From phishing and social engineering, to sharing passwords and using unsecure networks – are your staff aware of the risks? How can you help them?
You need to remember that security may not be everyone’s first priority or their area of expertise, so you need to provide constant reminders to ensure that your staff remember that it’s important. They need to realise that keeping the business protected is just as important for them as it is for you.
According to Tektonika Magazine, cyberattacks take an average of 46 days to resolve, at an average cost of US$21,155 per day – or a total cost of US$973,130. And the cost of data breaches is rising. There has been a 29 percent increase in the total cost of data breaches since 2013, with the average consolidated total cost of a data breach now estimated at US$4 million.
What would a cost like this do to your business? How long would it take you to recover from a data breach? Could you recover at all, given the damage it would do to your brand and reputation? What would this mean for your staff?
These are questions you need to be asking of yourself, and of your employees, so that everyone understands exactly how much responsibility they have here. Everyone needs to understand just how much damage they could cause by doing something which they might think seems harmless. Understand is the keyword here. Don’t just preach: help your staff to understand, and remind them of the importance regularly to avoid negligence on their part.