Why Employees are Your Greatest Cyber Risk

August 8, 2018

A new study has found that nearly two in five workers admitted to clicking on a link or opening an attachment from a sender they did not recognize.

This security slip-up is significant due to the installation of malware on their devices and the harvesting of sensitive corporate data.

Resulting from the societal BYOD (bring your own devices) trend, the Finn Partners Research study shows that more than half of employees (55 percent) are using their personal devices for work, which directly impacts increased vulnerability to hackers, malware and data breaches. In addition, only 26 percent of employees change their login credentials and/or passwords for personal and work applications at least once a month.

"The fastest and easiest way for bad actors to gain access to sensitive organizational data is for employees to click on nefarious links – we know that around 40 percent of our workforce is engaging in such behavior," said Jeff Seedman, senior partner at Finn Partners who leads the firm's U.S. cybersecurity specialty group. "Employees often assume their personal devices are secure, but then neglect to update their software regularly or put any protection policies in place. This is a serious problem, especially if a device loaded with company data gets lost, stolen or hacked."

Only 25 percent of employees said they receive "cyber hygiene" training on a monthly basis from their IT team. Cyber hygiene refers to the updating of operating systems on devices, checking for security patches, and changing passwords.

29 percent receive quarterly training;
19 percent receive bi-annual training;
23 percent receive annual training

"While 31 percent of respondents have already been a victim of a breach or attack, the behavior patterns to elicit security breaches remain," said Jodi Brooks, managing partner and tech practice lead at Finn Partners. "The opportunity to invest and increase the cadence of security vulnerability training in our organizations is vital. It is no longer sufficient for organizations to roll out annual security trainings on the latest vulnerabilities."

You must login or register in order to post a comment.

Workplace Violence Prevention in Ambulatory Care Centers & Physician Offices

Healthcare organizations often overlook the security needs of freestanding clinics and offices. In this webinar, Alan Lynch, Network Director of Safety & Security for St. Luke’s University Health Network, headquartered in Bethlehem, Pa., offers best practices to help you address the security risks in ambulatory care centers and physician offices.

Join this webinar to better understand how new technologies are enabling this intelligence transformation, and how purpose-built infrastructure plays a huge role in mission critical performance of video surveillance and analytics that delivers:

Poll

Emergency Communications

View Results

Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Security Magazine

2019 October

Our special feature this month highlights the Department of Homeland Security's newest agency: the Cybersecurity and Infrastructure Security Agency. Also, this month we highlight the Leander Independent School District's data practices that protect student privacy. Security experts discuss video monitoring, cybersecurity for public-private partnerships, privacy and more.

View More Create Account

Why Employees are Your Greatest Cyber Risk

Related Articles

Related Products

Related Events

Report Abusive Comment