Into the Breach: Why Employees Remain the Achilles Heel

  • By Kurt Markley
  • Aug 26, 2024

The past half decade has seen culture and flexibility springboard to the top of employees’ priority lists.

As a recent survey conducted by job site Monster shows, 26% of U.S. workers would alarmingly rather get a root canal than work in the office five days a week, while 38% stated that they would consider quitting their jobs if they were told that they had to work in the office just one day a week.

Employee preferences have to be balanced with the business’ need for in-office teams, therefore more organizations are turning to a hybrid mode that provides for both remote and in-office work. In fact, a May 2024 Gallup Indicators Report on Hybrid Work shows that the majority of organizations - 53% - are taking advantage of a hybrid model.

A hybrid work model that provides some autonomy for employees to choose where to work allows organizations to tap into a broader employee pool, both in terms of interest and geographical reach, thereby attracting and retaining top-tier talent. In stark contrast, organizations that cling to the traditional 9-to-5, five-days-a-week model risk losing their workforce to more adaptable competitors.

However, this shift towards at least part-time remote and mobile working is not without its challenges. Indeed, a new study from Apricorn sheds light on the security risks that come with this newfound flexibility. Surveying over 600 IT security decision-makers at large companies in the UK and U.S., nearly two-thirds (63%) expressed concern that their mobile and remote workers are likely to expose their organization to the risk of a data breach.

These concerns are well-founded. A shocking 55% of those surveyed reported that their mobile and remote workers have knowingly put corporate data at risk in the past year. Further, the survey found that the top causes of data breaches over the past 12 months were phishing attacks (31%), unintentional insider data loss (30%) and ransomware (29%), highlighting that employee actions are persistently to blame.

Consequently, trust in employees has suffered, with 40% of respondents going as far as to say that their mobile and remote workers don’t care about security.

Three key steps to mitigating employee-driven data breaches

Such statistics are damning, highlighting employees as a significant vulnerability for businesses in today’s landscape.

So, what can be done to address this? Critically, there are three key steps that organizations should be looking to take.

#1 – Education and training
According to Apricorn’s research, training and education are essential starting points. A staggering 73% of remote employees lack the skills and technology needed to keep data safe, despite being willing to comply with security measures. Organizations must bridge this gap between trust and capability by investing in comprehensive training programs to establish a robust and secure data environment.

#2 – Investing in the right technologies
Organizations can also enhance their defenses by equipping employees with the technologies needed to better safeguard data. For example, providing remote and mobile employees with whitelisted, removable USBs and hard drives that encrypt all data in an automated way will help ensure secure data storage both at rest and on the move. This approach allows the organization to vet the hardware in such a way that it can be used in otherwise locked down USB ports Additionally, limiting access to the corporate network via unmanaged devices can reduce the risk of both intentional and accidental breaches.

#3 – Establishing several forms of backup
Thirdly, it’s critical to have backups in place should preventative security measures fail. However, companies shouldn’t simply rely on one form of backup. The 3-2-1 rule offers a simple yet effective strategy to follow: maintain a minimum of three copies of data (one primary and two backups) in at least two different locations, with one dataset stored offline. This approach will ensure that rapid data recovery can be achieved even if networks are compromised, helping organizations quickly resume operations.

Already Taking Steps in the Right Direction
The good news is that despite the rise in employee risk and distrust, organizations are making significant strides in managing the growing risk landscape. Indeed, Apricorn’s research shows that organizations are actively working to rein in responsibility from their employees and better control potential vulnerabilities.

When asked about their information security strategies and policies regarding employees’ use of personal IT equipment for remote work, 54% of IT security decision-makers in the UK and U.S. reported allowing such practices. Further, companies are working to control access to systems and data through installed software, with over half of businesses taking crucial steps to lock down employee device usage and regain control of corporate data.

Data breaches are an unfortunate reality, but it’s encouraging to see organizations now taking proactive measures to mitigate these risks. Indeed, many are clearly implementing more robust controls and investing in advanced technologies to safeguard sensitive information.

With that said, there is more work to be done, with such a transition being especially vital in an era where remote and hybrid working has become the norm.

By using a combination of methods to enhance employee awareness and manage staff responsibilities, organizations can more effectively handle human-led risks in an increasingly remote and hybrid world. Human error is inevitable, but improving awareness and enhancing controls can significantly reduce the likelihood of staff being deceived by increasingly intelligent and

tailored social engineering attacks. Even if threat actors successfully inject malware or steal data for ransom, organizations with the right tools, software, and backup solutions can recover swiftly and minimize downtime.

The key is to be proactive, enhancing workforce resilience and strengthening security to better combat the growing prevalence of cyber threats.

Featured

  • Security Industry Association Announces the 2026 Security Megatrends

    The Security Industry Association (SIA) has identified and forecasted the 2026 Security Megatrends, which form the basis of SIA’s signature annual Security Megatrends report defining the top 10 factors influencing both near- and long-term change in the global security industry. Read Now

  • The Future of Access Control: Cloud-Based Solutions for Safer Workplaces

    Access controls have revolutionized the way we protect our people, assets and operations. Gone are the days of cumbersome keychains and the security liabilities they introduced, but it’s a mistake to think that their evolution has reached its peak. Read Now

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

Most   Popular

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.