Into the Breach: Why Employees Remain the Achilles Heel

  • By Kurt Markley
  • Aug 26, 2024

The past half decade has seen culture and flexibility springboard to the top of employees’ priority lists.

As a recent survey conducted by job site Monster shows, 26% of U.S. workers would alarmingly rather get a root canal than work in the office five days a week, while 38% stated that they would consider quitting their jobs if they were told that they had to work in the office just one day a week.

Employee preferences have to be balanced with the business’ need for in-office teams, therefore more organizations are turning to a hybrid mode that provides for both remote and in-office work. In fact, a May 2024 Gallup Indicators Report on Hybrid Work shows that the majority of organizations - 53% - are taking advantage of a hybrid model.

A hybrid work model that provides some autonomy for employees to choose where to work allows organizations to tap into a broader employee pool, both in terms of interest and geographical reach, thereby attracting and retaining top-tier talent. In stark contrast, organizations that cling to the traditional 9-to-5, five-days-a-week model risk losing their workforce to more adaptable competitors.

However, this shift towards at least part-time remote and mobile working is not without its challenges. Indeed, a new study from Apricorn sheds light on the security risks that come with this newfound flexibility. Surveying over 600 IT security decision-makers at large companies in the UK and U.S., nearly two-thirds (63%) expressed concern that their mobile and remote workers are likely to expose their organization to the risk of a data breach.

These concerns are well-founded. A shocking 55% of those surveyed reported that their mobile and remote workers have knowingly put corporate data at risk in the past year. Further, the survey found that the top causes of data breaches over the past 12 months were phishing attacks (31%), unintentional insider data loss (30%) and ransomware (29%), highlighting that employee actions are persistently to blame.

Consequently, trust in employees has suffered, with 40% of respondents going as far as to say that their mobile and remote workers don’t care about security.

Three key steps to mitigating employee-driven data breaches

Such statistics are damning, highlighting employees as a significant vulnerability for businesses in today’s landscape.

So, what can be done to address this? Critically, there are three key steps that organizations should be looking to take.

#1 – Education and training
According to Apricorn’s research, training and education are essential starting points. A staggering 73% of remote employees lack the skills and technology needed to keep data safe, despite being willing to comply with security measures. Organizations must bridge this gap between trust and capability by investing in comprehensive training programs to establish a robust and secure data environment.

#2 – Investing in the right technologies
Organizations can also enhance their defenses by equipping employees with the technologies needed to better safeguard data. For example, providing remote and mobile employees with whitelisted, removable USBs and hard drives that encrypt all data in an automated way will help ensure secure data storage both at rest and on the move. This approach allows the organization to vet the hardware in such a way that it can be used in otherwise locked down USB ports Additionally, limiting access to the corporate network via unmanaged devices can reduce the risk of both intentional and accidental breaches.

#3 – Establishing several forms of backup
Thirdly, it’s critical to have backups in place should preventative security measures fail. However, companies shouldn’t simply rely on one form of backup. The 3-2-1 rule offers a simple yet effective strategy to follow: maintain a minimum of three copies of data (one primary and two backups) in at least two different locations, with one dataset stored offline. This approach will ensure that rapid data recovery can be achieved even if networks are compromised, helping organizations quickly resume operations.

Already Taking Steps in the Right Direction
The good news is that despite the rise in employee risk and distrust, organizations are making significant strides in managing the growing risk landscape. Indeed, Apricorn’s research shows that organizations are actively working to rein in responsibility from their employees and better control potential vulnerabilities.

When asked about their information security strategies and policies regarding employees’ use of personal IT equipment for remote work, 54% of IT security decision-makers in the UK and U.S. reported allowing such practices. Further, companies are working to control access to systems and data through installed software, with over half of businesses taking crucial steps to lock down employee device usage and regain control of corporate data.

Data breaches are an unfortunate reality, but it’s encouraging to see organizations now taking proactive measures to mitigate these risks. Indeed, many are clearly implementing more robust controls and investing in advanced technologies to safeguard sensitive information.

With that said, there is more work to be done, with such a transition being especially vital in an era where remote and hybrid working has become the norm.

By using a combination of methods to enhance employee awareness and manage staff responsibilities, organizations can more effectively handle human-led risks in an increasingly remote and hybrid world. Human error is inevitable, but improving awareness and enhancing controls can significantly reduce the likelihood of staff being deceived by increasingly intelligent and

tailored social engineering attacks. Even if threat actors successfully inject malware or steal data for ransom, organizations with the right tools, software, and backup solutions can recover swiftly and minimize downtime.

The key is to be proactive, enhancing workforce resilience and strengthening security to better combat the growing prevalence of cyber threats.

Featured

  • 2025 Gun Violence Statistics Show Signs of Progress

    Omnilert, a national leader in AI-powered safety and emergency communications, has released its 2025 Gun Violence Statistics, along with a new interactive infographic examining national and school-related gun violence trends. In 2025, the U.S. recorded 38,762 gun-violence deaths, highlighting the continued importance of prevention, early detection, and coordinated response. Read Now

  • Big Brand Tire & Service Rolls Out Interface Virtual Perimeter Guard

    Interface Systems, a managed service provider delivering remote video monitoring, commercial security systems, business intelligence, and network services for multi-location enterprises, today announced that Big Brand Tire & Service, one of the nation’s fastest-growing independent tire and automotive service providers, has eliminated costly overnight break-ins and significantly reduced trespassing and vandalism at a high-risk location. The company achieved these results by deploying Interface Virtual Perimeter Guard, an AI-powered perimeter security solution designed to deter incidents before they occur. Read Now

  • The Evolution of ID Card Printing: Customer Challenges and Solutions

    The landscape of ID card printing is evolving to meet changing customer needs, transitioning from slow, manual processes to smart, on-demand printing solutions that address increasingly complex enrollment workflows. Read Now

  • TSA Awards Rohde & Schwarz Contract for Advanced Airport Screening Ahead of Soccer World Cup 2026

    Rohde & Schwarz, a provider of AI-based millimeter wave screening technology, announced today it has won a multi-million dollar award from TSA to supply its QPS201 AIT security scanners to passenger security screening checkpoints at selected Soccer World Cup 2026 host city airports. Read Now

  • Brivo, Eagle Eye Networks Merge

    Dean Drako, Chairman of Brivo, the leading global provider of cloud-native access control and smart space technologies, and Founder of Eagle Eye Networks, the global leader in cloud AI video surveillance, today announced the two companies will merge, creating the world’s largest AI cloud-native physical security company. The merged company will operate under the Brivo name and deliver a truly unified cloud-native security platform. Read Now

Most   Popular

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.