When it comes to root causes of data breaches, it’s not your firewall, your endpoint protection, your antivirus, nor your patching that’s failing you; it’s your employees.
Every security-minded organization puts together a layered security strategy to deter, detect, and respond to cyberattack. A ton of time, budget, and resources is put into software solutions designed to keep up with the latest attacks, malware, and techniques. But what if I told you that your weakest link hasn’t been addressed?
According to the recent 2018 State of the Industry Report from document destruction vendor Shred-It, the negligent employee is a major cause of data breaches.
And it’s not just enterprise companies. According to the Shred-It report, small business is equally at risk:
The biggest challenge the report focuses on is the lack of employee training. According to the report, 41% of organizations don’t even provide training at least once a year. What’s needed isn’t once-a-year training – that’s simply not an effective way to keep employees abreast of changes to company policy, cyberattack methods, scams, and how to maintain a general security-mindedness at work. Instead organizations should be looking at Security Awareness Training as a way to keep users continually educated and to serve as the basis for a security culture within the workplace.