- As an organization's first line of defense against cyber breaches, employees should receive clear, simple instructions in identifying cyber attacks and work closely with IT staff, according to Harvard Business Review (HBR). The reason security rules don't work is because instructions are too complex and not user-friendly enough for employees.
- By getting to know how employees' use technology in their roles, IT can tailor security education and testing to their needs, HBR said. Employees will be more likely to report security problems and be conscientious about preventing them.
- Hackers don't need sophisticated skills to break into organization's networks; they only need to trick workers through phishing schemes, HBR warned. Citing statistics from the Verizon Data Breach Investigations Report, HBR said phishing causes 90% of all cybersecurity problems.
The Travelers Companies, Inc. cited cyber threats as a top business risk. Employers will need to step up cybersecurity protections, increase training and, in some cases, recruit and hire cybersecurity specialists to resolve the problem. But a key point here is that keeping that training as simple and accessible as possible may be key to retaining the proper cybersecurity knowledge.
Case in point: In MediaPro's second annual State of Privacy and Security Awareness Report, researchers found that 70% of workers don't know how to prevent a cyberattack. This failing makes cybersecurity training even more critical.
Often unaware that systems are being attacked, employees fall for hackers' schemes, negligently reveal passwords or fail to heed security warnings. HR staff are frequently hackers' targets because of the massive data of personal and financial information they maintain. Breaches that occur without company processes to handle them properly can create massive PR disasters as well, as seen with the revelations that Uber had paid hackers to hide a large breach of its systems.
Employers shouldn't overlook the possibility of workers breaking into systems. A Willis Towers Watson (WTW) survey found that while 90% of cyber risks were caused by human error and 66% were the result of employees’ negligence or maliciousness, external threats made up only 18% of cyber breaches. WTW concludes that a data compromise is more often caused by employees leaving their workstations with information on their screen, exposed. Employers must warn workers about leaving proprietary information on their screens unattended.