Employee practices can lead to data theft

Unfettered access granted to employees can compromise businesses' online security.
Unfettered access granted to employees can compromise businesses' online security.

It isn't enough to have an internet security in place, even though this is undeniably a smart, proactive decision. It's also important to inform your employees about cyberattacks, because their actions – which are typically innocent – can result in your company's sensitive information falling in the wrong hands.

Based on a recent survey, a majority of employees lack the consciousness they need to prevent even fairly basic threats.

Employees often lack understanding of online dangers
An estimated 70 percent of today's full-time workers don't possess the awareness they need to avoid cyber incidents, according to a new poll conducted by MediaPro, an information security and learning management firm. More specifically, 20 percent of employees engage in behaviors at their workplace that may result in a breach. That's up from 16 percent in 2016. Similarly, 19 percent make the same inadvisable decisions when working online from home, like clicking on an unidentifiable link or connecting to a Wi-Fi hotspot that's unprotected.

Roughly 1,000 employees from several different industries took part in the survey.

Steve Conrad, founder and managing director of the Washington-based compliance and privacy awareness company, said employers have to be proactive about informing their staff regarding the dangers that can result from their not being aware of cyberthreats' gravity.

"With overwhelming data supporting the fact that employees are the weakest link in privacy and security, companies can't rely on haphazard, annual training to solve the problem," Conrad explained. "Instead, they've got to look to make continuous improvements in cybersecurity knowledge and behavior."

Cyber incidents have grown in frequency for businesses
Even though security defenses have sharpened, numerous organizations have been hit with some kind of cyberattack, including ransomware, phishing, trojans and distributed denial of service, or DDoS. Since 2014, an estimated 75 percent of companies in the United States and Europe have lost private information due to a successful hack, according to polling by the Ponemon Institute and Varonis Systems. In 2014, the rate was 67 percent.

A potential reason for the sharp increase in cybercrime may be due to the unfettered access employees are being granted by their workplaces to sensitive information. In the same survey, 62 percent of respondents acknowledged they had the ability to see or access company files that they probably shouldn't be privy to.

Yaki Faitelson, co-founder and CEO of Varonis, warned business owners must be more particular about who is granted access to private accounts that could lead to financial ruin should data be leaked or breached.

"Right now we're in a technology arms race with hackers and insider threats," Faitelson warned. "Unnecessarily excessive internal access combined with a lack of monitoring and auditing sets organizations up for disaster."

Employees' ability to tap into back channels from mobile devices can increase the risk of data theft for business owners. Employees' ability to tap into back channels from mobile devices can increase the risk of data theft for business owners.

Privacy easily compromised by workers' social media posts
Employees can open up their workplace to data security threats even when they're off the clock, given the frequency with which people use social media. For example, in the MediaPro survey, 20 percent of respondents were found to take actions on social media that could increase their employers' vulnerability to cyberattacks.

Tom Pendergast, chief strategies of security and compliance at MediaPro, encouraged business owners to establish an atmosphere in the office where security is always top of mind.

"Building a culture of security and privacy awareness isn't easy," Pendergast said. "But it's no longer possible to ignore, given the slew of security and privacy concerns across multiple industries."

Even when workers do exhibit smart cybersecurity traits, mistakes still happen. PayneWest Insurance provides business owners with employment practices liability protection when company assets are threatened. Our team stops at nothing to keep your operation running smoothly.