Employees Are Still The Cause Of Most Cyber Breaches
In the era when cybercrime is growing by an astronomical rate, is your biggest strength jeopardising your company's cybersecurity? The biggest strength for any company is their Human Capital and it is not unsual that most employees will do something at least once that could place their company at cyber risk.
It is commonly seen that when it comes to transferring and storing of data, dealing with user credentials, backup of files, employees prioritise personal convenience over security protocols.
There are many ways which may lead employee to make mistakes and can be the cause of a data breach:
• Insider malice.
• Poor Password Practices
• Weak Access Policies
• Phishing and Social Engineering
• Loss of endpoints
• Malware
A few common and some uncommon issuess which can be very costly to the organisations are:
1. Email sent to wrong recipients
It has been reported many times in the past that many data breaches were result of information sent by email to the incorrect recipient.
An employee at an HIV clinic in London accidentally entered the email addresses of patients in the ‘To’ field in place of ‘Bcc’ field and the organisation was fined £180,000 for the breach of privacy of the patients.
2. Sending Unnecessary attachments or information over email
There are multiple incidents reported where more than the required information sent over email by employee had led to data breach:
According to the Winnipeg Free Press, an employee of the city of Calgary, Alberta, accidentally leaked the personally identifiable information (PII) of more than three thousands employees in June 2016,. The extra information was perhaps provided while seeking technical assistance.
3. Using Company resources for personal use
Many employees use office laptops and mobile devices for their personal use which may lead to data breach.
4. Insecure Downloads
Each of employees is in charge of their own endpoints, and what they download could be a cyber threat to your whole organisation. It is seen that employee many times are not able to differentiate a Trojan-laden file or a risky click to the link sent by an email spammer.
Solutions to these problems are simple to identify but complex to implmenet:
1. Cyber Security Training
2. Cyber Risk Culture
3. Awareness
4. Cyber ethics and Cyber Behaviors
And so, organisations should prioritise the cybersecurity objectives and should not invest most of their budget on security products alone, otherwise they still might be leaving their house keys in the main-door lock.
Ratan Jyoti is Chief Information Security Officer (CISO) at Ujjivan Small Finance Bank:
You Might Also Read:
