Think People First when Improving Cybersecurity Posture

Written by

Cybersecurity remains a frequent topic of discussion throughout many enterprises due to high-profile breaches, changes in regulation, and the understanding that every organization could be targeted, regardless of business sector and security means deployed. As a result, corporate spending on various security measures has increased, but organizations are finding it especially challenging to balance between security solutions and the people they are meant to protect – the employees. 

We need to focus on maintaining employee productivity, preventing the need for workarounds, and mitigating the fear of employees to create a healthy and secure business. We also need to understand how the wrong security approach can be as harmful as a breach, and even create one itself.

When new security restrictions are put in place, it often means that elements of employee’s work become negatively impacted. Limiting access to websites, blocking certain attachment types, or changing the spam thresholds can increase security, but it almost certainly simultaneously disrupts the productivity of employees if not implemented carefully. Security policies can lead to employees needing to take extra steps or change the way the work is done, adding minutes or even hours of additional work. These additional measures also have adverse psychological effects on employees – and if everybody hates to replace their password every several weeks, imagine how employees would feel if they can no longer do stuff they’ve always done, like accessing social media sites or connecting to their private cloud storage service.

Not surprisingly, some employees will try to circumvent the security protections that are put in place in the name of doing their job better, faster, or simply because “that’s the way we always used to do it”. This happens more frequently after new policies or tools are put in place that restricts user activity. Plus, it’s hard to factor in the lost hours that an employee might put into finding and using a workaround so that they can access certain kinds of files or visit blocked websites. In most cases, the workaround used by the employee will increase the risk level and expose the organization even more than it was prior to setting the restrictions.

According to a 2014 IBM study, more than 95% of security incidents involved human error, albeit not knowingly in many cases. Such a stat places the blame directly on the employees within a company and causes them a high level of stress. Unfortunately, when employees are victims in this situation there is still the possibility that they will face repercussions, even termination. This stress, combined with the hindrance of cumbersome security solutions, can greatly deter employees from working at their full potential.

It is inevitable that employees will make mistakes, so it is imperative to do all in our power to lessen their exposure to threats and help alleviate their fears. Most of the time, employees do not realize they are exposing their organization to the risk of data breaches by opening emails, clicking on links or interacting with files. While training programs can help employees understand the basics of dangerous URLs, downloads, and phishing, the criminals continue to get creative and smarter using more sophisticated attacks. So one can't expect an entire organization to keep pace. Instead of overwhelming employees with every possible way they can make a mistake, lowering the amount of threats, with the use of appropriate security solutions, can increase both the security of the business and the productivity of the employee.

As hackers and threats become more sophisticated and more dangerous, businesses will constantly need to adapt, change and plan their cybersecurity approach. There is no “one size fits all” solution to cybersecurity, so businesses need to create a tailored approach to what data needs protection, what types of authentication is necessary, and how much they are willing to spend. When businesses take the time to find the appropriate solution for their workplace they are able to address all business concerns and ensure they have a productive and safe work environment. 

What’s hot on Infosecurity Magazine?