Empowering Employees To Prevent Data Leaks

When it comes to safeguarding data, are humans a vulnerability or an asset? The answer very much depends on how organisations empower and enable their teams to deal with the many regulations and policies that define their cybersecurity strategy.  

In the push to strengthen data security, many workers are beginning to feel disillusioned or overwhelmed by complex security rules that appear to serve the business rather than serve them as employees.

When rules are enforced without adequate support in the form of new technologies and safeguards, the data security burden lies firmly on the shoulders of the employee, and the time and energy required to carry that burden can start to feel like a barrier to productivity.  
 
This disconnect is echoed in recent research from Zivver, which shows that 51% of IT leaders identify employee awareness as their top security challenge, and 38% report difficulties in fully engaging employees with security practices. This isn’t about apportioning blame, but accepting the frustrations felt among employers and employees in the pursuit of a common goal.

It isn’t the individuals that warrant scrutiny, but the processes under which those individuals are expected to thrive.

Zivver’s research also highlights several key barriers impacting employee focus and productivity, with 41% of respondents citing excessive bureaucracy, 27% pointing to time-consuming security protocols, and 26% identifying an overload of IT systems as significant roadblocks to getting things done securely.  
 
When security processes are inadequate or begin to feel like a hindrance, workers tend to look for shortcuts, often inadvertently exposing their organisations to risk. In fact, while inbound threats like ransomware tend to grab the media headlines, accidental human error accounts for more than 80% of data leaks. It’s clear that a fresh approach to cybersecurity is needed – one that supports and empowers employees to make the right decisions, and embeds security policies into day-to-day operations instead of expecting employees to jump through numerous hoops.  
 
The question here is, how can IT leaders encourage a security-first mindset that does not depend on complex manual steps or disruptive processes, but rather integrates data protection into everyday tasks in a way that makes security feel second nature?  

Data Leaks: Human Error, But Not A Human Problem 

While malicious inbound threats often dominate conversations around cybersecurity, it’s important not to overlook the impact of human error - one of the most common causes of data leaks. Employees aren’t just at risk of making mistakes due to negligence; they’re often under pressure to meet tight deadlines, manage heavy workloads, and keep pace with a growing list of security protocols. In fields such as healthcare and legal services, where efficiency and speed are paramount, security measures can feel like obstacles rather than safeguards. When people feel rushed or overwhelmed, the chances of errors multiply. 
 
Human error is particularly common in data handling tasks like email, where autocomplete features, large attachments, and sensitive information are everyday concerns. As Anita points out, in the legal sector, data from the UK’s Information Commissioner’s Office indicated that last year, 4.2 million people were potentially affected by law firm data breaches, with over half of those incidents tied to human error. These incidents could be caused by anything from relying too much on the autocomplete in an email address field, to accidentally emailing the wrong John or Jane at a third-party supplier or partner. This is an industry-wide issue, but it’s one that can be reduced by creating a work environment where secure practices are easier to follow than to bypass. 
 
Rather than viewing employees as a liability, organisations can instead treat them as their greatest asset in data security.

When the right tools and processes are in place to support employees, they are more likely to follow secure practices without feeling burdened. The focus should be on equipping people with simple, accessible tools that make it easy to do the right thing, reducing the reliance on manual vigilance and minimising the risk of errors. 
 
Security By Process, Not By Enforcement 

For cybersecurity measures to be effective, they need to feel like a natural part of employees' daily routines. When security protocols add too much friction, employees are more likely to find workarounds, potentially increasing risk. Sue emphasised that in sectors where urgency is high such as healthcare, where split-second decision-making can sometimes mean the difference between life and death, employees are quite right to consider cybersecurity as secondary to their immediate tasks. This isn’t an employee problem, but a process problem. While some industries such as IT may view cybersecurity as core to their everyday responsibilities, there are countless sectors where cybersecurity is not - and shouldn’t be - the primary focus.  
 
Instead of expecting employees to navigate a blanket set of rules, organisations can adapt security protocols to fit the specific tasks employees perform, considering the types of data they handle and the workflows they rely on. By integrating security steps directly into these workflows, companies can promote secure practices that require less effort to follow and don’t interrupt productivity.  

Making Security Second Nature 

The role of automation in cybersecurity is rapidly becoming more critical, especially as organisations seek to reduce the pressure on employees to manually enforce security protocols. When automated tools are embedded into commonly used applications, they can proactively flag issues and prevent errors before they happen. These tools are capable of scanning emails for sensitive information or identifying potential recipients who shouldn’t receive certain data can help employees stay compliant without extra effort. 
 
User-friendly tools that integrate seamlessly into daily workflows also minimise the need for manual intervention, which can often be a weak point in security processes.

Automation stops employees having to remember each individual protocol or check every single detail, especially when they are managing large volumes of data. Tools that operate quietly in the background - flagging risks, providing real-time feedback, and securing data without interrupting work - allow employees to focus on their core responsibilities without compromising security. This approach helps eliminate workarounds and reinforces secure habits, creating a safer environment where data protection becomes a shared, manageable part of the workday rather than another set of chores to deal with.   

Positioning Security As A Boardroom Priority 

When it comes to stakeholder buy-in, how do those with a vested interest in an organisation’s security practices convince C-suite executives and key decision-makers to invest in security automation and security intelligence tools? Different “audiences” will require different approaches to the conversation. For instance, emphasising the return on investment (ROI) of strong data protection practices can help persuade the CFO, while stressing the role of cybersecurity in building trust and safeguarding the organisation’s reputation may appeal more to the CEO. Tailoring the message to each audience reinforces that cybersecurity is not just a technical issue - it is a strategic concern that impacts the entire organisation.

When senior leaders understand the broader benefits, they are more likely to support initiatives that embed security into the organization’s culture. This, in turn, encourages a top-down commitment that empowers employees and aligns all levels of the company with the same goals. 
 
By framing data security as essential to stability, growth, and reputation, organisations can foster a proactive approach that goes beyond regulatory compliance, ensuring that cybersecurity practices are not only adopted across departments but are also viewed as a fundamental part of the organisation’s resilience and success. 

Anita Mavridis is VP of Product at Zivver and Sue Musumeci, Director of Quality & Clinical Informatics at Chronic Care Staffing

Image: Mizuno K

You Might Also Read:

Making Insider Threats A Year Round Priority:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Strengthen Software Supply Chain & Governance For Better AI System Cybersecurity
Fancy Bear At Work »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Spanish National Cybersecurity Institute (INCIBE)

Spanish National Cybersecurity Institute (INCIBE)

INCIBE undertakes research, service delivery and coordination for building cybersecurity at the national and international levels.

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets (CS4CA)

Cyber Security For Critical Assets is a global series of summits focusing on cyber security for critical infrastructure.

Data Shepherd

Data Shepherd

Data Shepherds primary focus is to protect your business. We achieve this by offering extensive and unique expertise in innovative IT and Cyber security solutions.

Data443 Risk Mitigation

Data443 Risk Mitigation

Data443 Risk Mitigation provides next-generation cybersecurity products and services in the area of data security and compliance.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

ShorePoint

ShorePoint

ShorePoint is an elite cybersecurity firm dedicated to improving the cyber resilience of Federal agencies and their missions.

Aristi Labs

Aristi Labs

Aristi Labs provides comprehensive security solutions to help businesses protect data and intellectual property, minimizing downtime and maximizing productivity.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Securix

Securix

SECURIX AG delivers holistic IT security solutions that are tailored to the specific challenges and requirements of your company.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

dWallet Labs

dWallet Labs

dWallet Labs is a cybersecurity company specializing in blockchain technology. We believe that the future of Web3 relies on cutting edge cryptography and unabated security.

LOCH Technologies

LOCH Technologies

LOCH Wireless Machine Vision platform delivers next generation cybersecurity, performance monitoring, and cost management for all 5G and for broad-spectrum IoT, IoMT and OT wireless environments.

QFunction

QFunction

QFunction works within your existing security stack to detect anomalies and threats within your data.

Intracis

Intracis

Intracis is a 'Made in India' cyber incident management solution aimed at ‘Making Security Simple’ by simplifying cyber incident management for CERTS and CSIRTS.

Haiku

Haiku

Haiku stands at the forefront of cybersecurity upskilling, leveraging video games to immerse you in a flow state for accelerated, enduring learning.