Employee Negligence Leads to Cyber Vulnerability

Category: Blog, Security  |  Tuesday, July 24th, 2018

In the era of heightened cyber risk, the personal responsibility of employees has changed. Working hard is no longer their only focus; employees are now also responsible for maintaining security protocol.

Cornell University Law School defines negligence as “a failure to behave with the level of care that someone of ordinary prudence would have exercised under the same circumstances.”

According to the 2018 State of the Industry report from document destruction company Shred-it, employee negligence has become a big concern. Negligence covers both employee action and inaction: failing to follow security protocol, opening suspicious email attachments, losing company devices containing sensitive data, and so on.

Shred-it discovered that 47% of data breaches were caused by an error or accidental loss; in other words, negligence.

So, in what ways do your own employees threaten the security of your data?

Remote working: While most companies have strict in-house security policies, they often trust their remote employees to uphold the same standards, which leads to failure. Reality is a different animal than intention and employees will misplace important laptops or smartphones, or visit unsafe sites that could potentially lead to malware attacks, such as ransomware. Trusting employees to protect sensitive data without training them on what it is and how to protect it is also unreasonable.

The best way to protect against employee negligence with remote workers is to train them in security awareness. Once they understand they are always at “Code Blue” level when it comes to defense, they are less likely to fall for a phishing scam, or a ransomware or malware attack.

Tip: Train your remote employees to follow these rules:

  1. Don’t open unsolicited emails, click on links, or open attachments in unsolicited emails.
  2. Be suspicious of claims that are too good to be true. Typical examples are weight loss claims, sexual enhancement claims, and people claiming to want to give you large sums of money.
  3. Be careful in responding to, or providing information in response to, unsolicited emails from banks, the IRS, or other organizations, and don’t fall for scare tactics.
  4. Don’t download apps from non-trusted sources.
  5. Avoid storing business data on personal devices.
  6. Don’t share a device used at work with a friend or family member. Installing apps is easy, and kids don’t think twice about downloading any app that looks appealing.

Open Floorplans: Open floorplans sound like a cool and hip modern workplace environment. They are also a security challenge. From a logistical standpoint, an open floorplan means employees have access to computers with sensitive data on them, with little or no physical barriers to deter them. Businesses that choose to adopt the open floorplan concept need to make sure that passwords and physical copies of sensitive data are stored in a locked and secure environment.

Tip: To stop visual hacking, users need to be trained to be aware of their surroundings.

To minimize exposure:

  1. Have employees work with their backs to the wall when in public areas.
  2. Have them use lock screens and secure their work areas when leaving their desks.
  3. Have them report suspicious activity right away.

Lazy Passwords: The Verizon 2018 Insider Threat Report states that 56% of security experts viewed weak/reused passwords as the biggest enabler of accidental insider threats. Train your employees on what a bad password looks like. For a list of the worst passwords of 2017, click here.

To protect against password cracking, companies can establish a “threshold alerting” system that automatically detects, alerts on, and responds to anomalous logon failures in Active Directory. For example, if X failed logon attempts occur over Y period of time, a custom script can be executed that either stops a specific process, changes the firewall settings, disables a user account, or shuts down the server.
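The X-failures-in-Y-minutes rule described above, written as a sliding-window check per account. This is an added example, not code from the original post: the record format, the sample lines, and the chosen values of X and Y are constructed for illustration, and it assumes failed logons have been exported from the Windows Security log (event ID 4625; 4624 is a successful logon).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 5                    # X: failed logons that trigger an alert (assumed value)
WINDOW = timedelta(minutes=10)   # Y: length of the sliding window (assumed value)
FAILED_LOGON = 4625              # Windows Security event ID for a failed logon

# Constructed sample records: "timestamp event_id account source_ip"
SAMPLE = """\
2018-07-24T09:00:05 4625 jsmith 203.0.113.7
2018-07-24T09:00:40 4625 jsmith 203.0.113.7
2018-07-24T09:01:10 4624 adavis 10.0.0.21
2018-07-24T09:01:15 4625 jsmith 203.0.113.7
2018-07-24T09:02:00 4625 adavis 10.0.0.21
2018-07-24T09:02:30 4625 jsmith 203.0.113.9
2018-07-24T09:03:05 4625 jsmith 203.0.113.9
2018-07-24T09:40:00 4625 adavis 10.0.0.21
2018-07-24T09:41:00 4625 jsmith 203.0.113.7
""".splitlines()

def parse(line):
    """Split one constructed record into (time, event_id, account, source)."""
    ts, event_id, account, source = line.split()
    return datetime.fromisoformat(ts), int(event_id), account.lower(), source

def detect(lines, threshold=THRESHOLD, window=WINDOW):
    """Return one alert each time an account hits `threshold` failures inside `window`."""
    recent = defaultdict(deque)  # account -> (time, source) of failures still in the window
    alerts = []
    for ts, event_id, account, source in sorted(map(parse, lines)):  # tolerate unordered input
        if event_id != FAILED_LOGON:
            continue
        q = recent[account]
        q.append((ts, source))
        while ts - q[0][0] > window:      # drop failures older than Y
            q.popleft()
        if len(q) >= threshold:
            alerts.append({"account": account, "count": len(q), "first": q[0][0],
                           "last": ts, "sources": sorted({s for _, s in q})})
            q.clear()                     # re-arm so one burst raises one alert
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        # The response step (disable the account, change firewall rules) would hook in here.
        print(f"ALERT {alert['account']}: {alert['count']} failures from {alert['sources']}")
```

Clearing the queue after an alert keeps a single burst from firing the response action repeatedly, which matters when that action is as disruptive as disabling an account.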

The Best Anti-Negligence Solution:

Train and educate your staff on cybersecurity. Your business can’t afford not to.

If you need assistance with cyber security training, give EnhancedTECH a call at 714-970-9330.

Photo Credit: burst.shopify.com 

