- A report by Dtex Systems, a cybersecurity firm, shows that 95% of organizations have workers who try to override security and web restrictions, Dark Reading reports. These behaviors are a precursor to data theft and other malicious activity in the workplace.
- The report warns employers about workers using anonymous virtual private networks (VPNs); conducting anonymous web browsing, through browsers such as TOR; and/or using a hacking program like Metasploit, which tests system vulnerabilities. Anonymous VPN use has doubled between 2015 and 2016, according to the report.
- The reason employees try overriding security restrictions is to steal data, cybershop or cover up prohibited activities like viewing pornography online, the report said.
Employers who want to steal data or engage in other restricted behavior will do so once they find a way. Policies and enforcement procedures must be in place, but if workers are intent on finding ways to break through security systems, there's a sure bet they'll attempt to find ways around HR's ground rules.
It's not easy to profile a cyber thief, but the report suggests employers should be aware that new hires and exiting employees have been known to bypass security systems, often taking confidential information, customers and trade secrets with them.
Even scarier, though, is the fact that most employee cybersecurity incidents don't happen intentionally; a study from Willis Towers Watson found that 90% of cyber risks are caused by human error alone. It's a stunning figure given that cyber risk management teams are critically understaffed across industries.
The report identifies proactive steps employers should take to avoid data breaches and other nefarious behavior for which they could be liable. Among them: Increasing visibility over on-network as well as off-network times (when most risky business occurs), paying attention to workers who violate policies and training IT staff in high-level cybersecurity.
The rise of hacking and data theft should also prompt employers to conduct thorough background checks of new hires. HR data, which can include Social Security numbers and other personally identifiable information, is often the target of criminal ransomware.