Ignorance of security policies and security threats is one of the primary reasons why employees break cybersecurity rules, says Ericka Chickowski at Dark Reading. A study conducted by Clutch in February showed that nearly half (48%) of entry-level employees and 28% of all employees don’t know whether their companies have a cybersecurity policy.
Additionally, even employees who know their organization’s security policy can still fall victim to social engineering attacks, such as phishing. Organizations need to provide education and training to make their employees aware of these threats and the ways that they can be prevented.
Convenience and frustration are also leading causes of rule-breaking. Organizations often have to strike a compromise between security and productivity, and employees frequently feel more productive when they bypass the policies that slow them down.
A study by Dell last year found that 72% of employees would share sensitive, confidential, or regulated information, in many cases because it would help them or their co-workers perform their jobs more efficiently. When employees flout the rules, they need to face fair consequences for their behavior. By properly educating employees on security policies and the penalties for breaking those policies, security teams can avoid giving the impression that they are unfairly punishing unaware employees.
Curiosity is another major factor. In a survey by One Identity and Dimensional Research, 92% of security professionals said that employees at their organizations have attempted to access information that was not necessary for their day-to-day work, with 23% saying it was a frequent occurrence. “Enforcing the rules of least privilege through role-based access controls, along with a healthy dose of user behavior monitoring, can help keep curiosity from killing the cybersecurity policy,” Chickowski writes.
New-school security awareness training can make employees mindful of their organization’s policies and teach them the reasons why those policies are in place.
Interactive training and education, combined with effective security policies that are backed by known consequences for a violation, can give an impressive boost to your organization’s security. Dark Reading has the story:
Here is another post you might like:
The Seven Deadly Social Engineering Vices - Updated
You may not be aware that there is a scale of seven deadly vices connected to social engineering (SE). The deadliest SE attacks are the ones with the highest success rates, often approaching 100%. What is the secret of these attacks, and why do they succeed so well?
Your own observations show you that people are very different. Some are always enthusiastic and willing to learn something new. Others are more conservative but courteous to their co-workers. A bit further down this scale are people who always look bored with life, and at the bottom are those who just don't care and are basically apathetic about everything. Continued: https://blog.knowbe4.com/the-seven-deadly-social-engineering-vices-updated