Last year was the year of the data breach, so much so that NTT Security’s most recent Risk: Value Report claims that the majority (57 percent) of businesses now expect to be breached. A 2017 report from Keeper Security names negligent employees as the biggest threat to data security in small to medium-sized businesses, even though cybersecurity gets the attention and budgets. Unfortunately, businesses are so focused on securing against malicious insider threats that they do nothing to negate the innocent mistakes of their employees, all while introducing policies that further increase the likelihood of human error.
The security risk of meeting employee expectations
More and more, consumers’ expectation of access to information anywhere, anytime, and from any device has overflowed into today’s workplaces, with employees now expecting their employers to have a Bring Your Own Device (BYOD) policy. This, combined with the proliferation of the Internet of Things (IoT) and remote working, makes security a high priority. Yet employees continue to use, and lose, unapproved USBs; they are not encouraged to report lost or stolen devices; and they are forced to use encryption that is both not user-friendly and mostly useless in the event of a breach.
Why is a lost device surprising to anyone?
This year, research from internet security firm Eset asserted that 22,266 USBs are left at dry cleaners every year. In many ways, this is not surprising; we know people make mistakes. What is interesting is that, knowing this, businesses allow employees to use USB devices that, at worst, the employees have picked up at conferences and, at best, have encryption so complicated that employees find a way to disable it. Either way, it’s a huge security risk in which the employee is an unwitting participant....