Disengaged Employees Could Become Your Organization's Greatest Security Threat

Since the pandemic, the almost immediate need to better protect remote systems and networks has significantly increased demand on security teams. With cyber-criminals taking advantage of the mass disruption caused by a shift in working models, organizations have been left more exposed and more vulnerable to attack than ever before.

In a bid to ward off malicious activity, many businesses – even those facing COVID-induced budget cuts – have spent thousands on security platforms and technologies. However, with 90% of data breaches in 2019 caused by user error, organizations must ensure they are paying enough attention to their weakest security link – their people.

Unique, Yet Common, Security Challenges

In an office environment, human error is much easier to identify and control. Each system and device being used by staff is connected to the same network and held to the same company-wide security standards. Specific safeguards and critical monitoring and mitigation tools run continuously, minimizing the risk of potential threats.

In a mass remote working landscape, organizations face a whole host of unique security challenges. Employees are logging on from multiple locations, using various servers, and in many cases, relying on their own home security systems to protect corporate devices. With no on-site security team to implement the necessary security practices, organizations are bound to become exposed to greater levels of risk.

In fact, it was recently reported that UK businesses had lost over £6.2m to cyber scams in the past year – with a 31% increase in cases during the height of the pandemic (May – June). Scams caused by the hacking of remote computer servers were revealed to be the second most common type of attack on businesses over the 12-month period.

The Influence of Apathetic Employees

Organizations must understand how and why human error occurs, with many businesses now pledging to shift to a permanent remote working model. In addition, they need to know how it can be managed and reduced across a distributed workforce.

As staff tire of working remotely and face their own productivity challenges, security naturally becomes less of a priority. Employee apathy, therefore, is one of the biggest security challenges for a company. Not only are disengaged employees more susceptible to outside manipulation, they are more likely to leave systems vulnerable due to negligence, and are at greater risk of leaking sensitive company information.

According to a report from Cyberchology – a partnership between ESET and The Myers-Briggs Company – 80% of organizations have seen an increased cybersecurity risk caused by human factors during the pandemic. As stress levels have risen, employees have become more complacent. In order to combat this, businesses must instil a sense of accountability for security across the company.

Establishing Accountability Through Culture

After a year of remote working, many employees are feeling the effects. On the other hand, employers are also battling with the repercussions of a dip in staff motivation. With engagement more difficult to achieve and maintain than ever before, companies must work twice as hard to create a culture of ownership, especially when it comes to security.

Given that security is such a sensitive and complex topic, organizations need to provide staff with regular resources and training. It may sound obvious, but even reminding employees not to share a work device with family members or housemates needs to be done. Security training will not only encourage remote workers to remain alert, but will also bring to light any risky behaviors and how to avoid them.

In addition to delivering regular training and instilling basic digital hygiene, such as using a password manager and turning on two-factor authentication, IT teams should also highlight the potential business risk and disruption that attacks and data theft can cause. When employees can visualize how security issues can directly impact their work, they are more likely to follow recommendations and guidelines.

While every employee should care how a security threat could impact the company, there will always be those who take a more lackadaisical approach to these issues. For security plans and processes to be adopted, they need to be understood by, and accessible to, the entire company. Invest in communication training for your IT teams so they can better collaborate with other departments. Partner with communications personnel to help drive awareness of security initiatives across the company. Use collaborative work management platforms to align people around security procedures and processes.

When it comes to protecting organizations from internal and external threats, driving adoption of security initiatives, and reducing risks, focusing on increasing employee engagement is one of the best investments an IT leader can make.
