Why Employees are Your Greatest Cyber Risk

August 8, 2018

A new study has found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize.

This security slip-up is significant due to the installation of malware on their devices and the harvesting of sensitive corporate data.

Resulting from the societal BYOD (bring your own devices) trend, the Finn Partners Research study shows that more than half of employees (55 percent) are using their personal devices for work, which directly impacts increased vulnerability to hackers, malware and data breaches. In addition, only 26 percent of employees change their login credentials and/or passwords for personal and work applications at least once a month.

"The fastest and easiest way for bad actors to gain access to sensitive organizational data is for employees to click on nefarious links – we know that around 40 percent of our workforce is engaging in such behavior," said Jeff Seedman, senior partner at Finn Partners who leads the firm's U.S. cybersecurity specialty group. "Employees often assume their personal devices are secure, but then neglect to update their software regularly or put any protection policies in place. This is a serious problem, especially if a device loaded with company data gets lost, stolen or hacked."

Only 25 percent of employees said they receive "cyber hygiene" training on a monthly basis from their IT team. Cyber hygiene refers to the updating of operating systems on devices, checking for security patches, and changing passwords.

29 percent receive quarterly training;
19 percent receive bi-annual training;
23 percent receive annual training

"While 31 percent of respondents have already been a victim of a breach or attack, the behavior patterns to elicit security breaches remain," said Jodi Brooks, managing partner and tech practice lead at Finn Partners. "The opportunity to invest and increase the cadence of security vulnerability training in our organizations is vital. It is no longer sufficient for organizations to roll out annual security trainings on the latest vulnerabilities."

You must login or register in order to post a comment.

A critical event is defined as an incident that disrupts normal operations, such as severe weather, crime, violence and critical equipment or technology failures. Business continuity and crisis response plans can only go so far if there isn't buy-in across functions, with executive-level support.

How CISOs Can Turn Security Training and Awareness into Action

In this webinar, security expert Pieter Danhieux explores how CISOs and CIOs can inspire real change, fostering a positive security culture that enables their development teams to become more security-aware, more aligned with internal AppSec specialists and, ultimately, securing code as it is written.

Poll

Mass Notification

View Results

Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Security Magazine

2019 August

Our August issue cover story features Steve Baker, CSO at State Street Corporation. Also in August, how did a Guidewell Security team member save a life? And learn how digital technology and IoT devices can combat both physical and cyberattacks.

View More Subscribe

Why Employees are Your Greatest Cyber Risk

Related Articles

Related Products

Related Events

Report Abusive Comment