The workforce of your business is its most dynamic resource. But, in recent times, employees have been found to be the leading cause of data breaches in small and medium-sized businesses. According to a State of Cybersecurity in Small and Medium-sized Businesses report compiled by the Ponemon Institute, negligent employees were responsible for 54% of cyber security issues.
Source: Keeper Security
Darren Guccione is the CEO and cofounder of Keeper Security, Inc. In a press release, he said, “The number one greatest cyber threat to a business is their very own employees. Critical data is more accessible via mobile devices in our 24/7-connected, device-filled world.”
The second most common cause, accounting for 43% of data breaches, is weak password protection within businesses' IT networks.
Larry Ponemon – A Single Security Incident Could Put a Company Out of Business
Here are some more worrying statistics. Around 61% of small and medium companies suffered a security breach in 2017. On average, the cost arising from a data leak or theft and the resulting infrastructure damage now stands at $1 million.
As Larry Ponemon, chairman and founder of the Ponemon Institute stated, “We were alarmed to find that small and mid-sized businesses are becoming a huge target for hackers. As both frequency and size of data breaches increases, SMBs must face the reality that a material adverse financial impact on their business is a real possibility.” He added, “One cyber incident could very well put a small company out of business.”
If you’re a business owner, this information impacts you too.
Take Steps to Convert the Threat into a Defense against Data Breaches
As an article in Forbes explains, when working out how to protect your company from employee-related security issues, the first step you need to take is to train your workers. A workforce alert to the dangers of data breaches can prove to be an effective tool in securing your company’s digital systems. You must also institute the necessary password protocols to protect your business.
Wondering where to begin? Here are the steps to take:
- Human error is a very real issue even in the most secure of businesses. Begin by installing an Intrusion Detection System and/or Intrusion Prevention System along with a robust firewall.
- Conduct annual training sessions for all employees so that they are well aware of the security measures they must take. Careless workers often leave devices containing sensitive information logged in, sometimes with passwords written nearby, even when the devices are not in use. Stop this practice.
- Schedule a mandatory check of all user accounts at regular intervals. Delete the accounts of employees who have left the company. Look for rogue accounts or any activity that looks even vaguely suspicious.
- Install software that instantly informs you of any unusual activity or unknown users logging in from remote, unknown locations.
- Institute a policy requiring all senior staff to use strong passwords, change them regularly, and enable two-step verification.
- If employees have printed documents or copied them to removable media, make sure each item is accounted for and kept secure.
- Insist that employees turn off all devices in their office when they close down in the evenings. If they are using company-assigned refurbished laptops, tablets, mobile phones, or any other gadgets, they must hand them in before leaving the office premises.
- Have a schedule in place according to which all passwords must be changed. Staying organized is essential to being efficient and safe from risk. If you can use software that generates strong, random passwords, that is an ideal strategy to adopt.
- Install web filtering systems so employees cannot visit unapproved websites. In this way, you can minimize the risk of malware downloads and data breaches.
- Warn employees about the dangers of downloading or opening unknown attachments when checking emails sent to company accounts on company devices. Inform them of possible phishing attacks where hackers trick them into giving up passwords by posing as a colleague. Train them to alert the management if they come across such fraudulent emails.
- Install antivirus endpoint security software that works as an added layer of protection in case an employee clicks on a file containing malware.
- Even if you don’t have a BYOD policy in place, workers using personal mobile phones at work still pose a serious data breach risk. It is a known fact that workers may use their handsets for company work. The best move you can make is to educate them on the risks of downloading and installing apps and on setting device passcodes. Check with your IT security team for the mobile safety solutions and device management strategies that you can implement in the company.
Have an Exit Protocol in Place for Quitting and Retiring Employees
Given that your employees are privy to sensitive information, plan their exit protocols carefully. With the advice of your cyber security team, here are the steps you must take as soon as you learn of a worker’s impending departure.
- Have departing workers return all company-assigned devices and storage media.
- Delete user accounts and change passwords to all the systems that the particular employee has access to.
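As an added example (not from the article or any product it mentions), here is a small Python audit in the spirit of the account-check step and the exit protocol above: it reconciles a constructed account export against a constructed HR roster and flags accounts belonging to departed staff (noting whether they were used after the departure date), accounts with no matching employee, and dormant accounts. The user names, dates and the 90-day dormancy threshold are assumptions.

```python
from datetime import date, timedelta

# Constructed sample data: what HR says about each person.
HR_ROSTER = {
    "alice": {"status": "active"},
    "bob":   {"status": "terminated", "left": date(2024, 3, 1)},
    "carol": {"status": "active"},
}

# Constructed sample data: an export of accounts from an IT system.
ACCOUNTS = [
    {"user": "alice",       "last_login": date(2024, 6, 1)},
    {"user": "bob",         "last_login": date(2024, 5, 20)},  # used after bob left
    {"user": "carol",       "last_login": date(2023, 11, 2)},  # long unused
    {"user": "svc_backup2", "last_login": date(2024, 6, 2)},   # nobody in HR owns it
]

# Assumed audit date, fixed so the results are reproducible.
TODAY = date(2024, 6, 3)


def audit_accounts(accounts, roster, today, dormant_days=90):
    """Reconcile accounts against the HR roster and return findings.

    orphaned: (user, used_after_departure) for accounts of departed staff
    rogue:    accounts with no matching person in HR at all
    dormant:  accounts not used within dormant_days (policy threshold assumed)
    """
    findings = {"orphaned": [], "rogue": [], "dormant": []}
    cutoff = today - timedelta(days=dormant_days)
    for acct in accounts:
        user = acct["user"]
        person = roster.get(user)
        if person is None:
            findings["rogue"].append(user)
        elif person["status"] != "active":
            # Any login after the departure date is the strongest signal.
            used_after = acct["last_login"] > person["left"]
            findings["orphaned"].append((user, used_after))
        if acct["last_login"] < cutoff:
            findings["dormant"].append(user)
    return findings


def run_audit():
    """Run the audit over the constructed data with the fixed audit date."""
    return audit_accounts(ACCOUNTS, HR_ROSTER, TODAY)


if __name__ == "__main__":
    for category, items in run_audit().items():
        print(f"{category}: {items}")
```

Each finding maps to an action the list above already calls for: orphaned accounts are deleted, rogue accounts are investigated, and dormant ones are reviewed with the account owner.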
Data breaches are no doubt a very real threat that companies must be prepared for. But, with the right moves, you can train your employees to be the first line of defense against cyber attacks and lower the risk of leaks occurring due to worker negligence.