When it comes to root causes of data breaches, it’s not your firewall, your endpoint protection, your antivirus, nor your patching that’s failing you; it’s your employees.
Every security-minded organization puts together a layered security strategy to deter, detect, and respond to cyberattacks. A ton of time, budget, and resources are put into software solutions designed to keep up with the latest attacks, malware, and techniques. But what if I told you that your weakest link hasn’t been addressed?
According to the recent 2018 State of the Industry Report from document destruction vendor Shred-It, the negligent employee is a major cause of data breaches.
- 84% of C-Suites feel that employee negligence is one of the biggest information security risks.
- 86% of them feel the risk of data breach is higher when employees work remotely.
- An average of 70% of organizations experiencing data breaches indicate that at least part of the breach is attributed to employees.
And it’s not just enterprise companies. According to the Shred-It report, small business is equally at risk:
- 51% of small business owners identify employee negligence as their biggest information security risk.
- 71% of breaches reported by small business owners are, at least in part, attributed to employees.
The biggest challenge the report focuses on is the lack of employee training. According to the report, 41% of organizations don’t even provide training at least once a year. What’s needed isn’t once-a-year training – that’s simply not an effective way to keep employees abreast of changes to company policy, cyberattack methods, and scams, or to maintain a general security-mindedness at work. Instead, organizations should be looking at Security Awareness Training as a way to keep users continually educated and to serve as the basis for a security culture within the workplace.