Investing in security software is not enough to protect confidential company information or networks from the worst threat out there – employees. Employees who are not constantly trained in internet privacy and security in the workplace may damage both finances and reputation.
Some 88 percent of workers put sensitive data at risk because they lack sufficient cybersecurity know-how, research shows.
1,000 employees and private users in the UK were surveyed by research company MediaPro about their proficiency in eight security and privacy scenarios such as identifying phishing campaigns, safe social media use and remote work. As few as 12 percent of respondents can accurately detect security incidents.
Most users can’t identify even the most evident threats so their risky behavior, although unintentional, makes them ideal targets, the report says. Some 25 percent didn’t recognize top signs of dealing with a phishing campaign, while 26 percent used a personal USB drive for work files when remote, instead of company-approved devices. As many as 30 percent violated the company’s code of conduct by posting company-related issues on social media.
To keep the network secure, businesses should limit access on a need-to-know basis and arrange regular cybersecurity workshops to teach employees about online security. Organizations are at risk because workers use weak passwords, click on suspicious links in emails, open attachments from unknown sources and use personal devices for work purposes.