Into the Breach: Why Employees Remain the Achilles Heel

The past half decade has seen culture and flexibility springboard to the top of employees’ priority lists.

As a recent survey conducted by job site Monster shows, 26% of U.S. workers would alarmingly rather get a root canal than work in the office five days a week, while 38% stated that they would consider quitting their jobs if they were told that they had to work in the office just one day a week.

Employee preferences have to be balanced with the business’ need for in-office teams, therefore more organizations are turning to a hybrid mode that provides for both remote and in-office work. In fact, a May 2024 Gallup Indicators Report on Hybrid Work shows that the majority of organizations - 53% - are taking advantage of a hybrid model.

A hybrid work model that provides some autonomy for employees to choose where to work allows organizations to tap into a broader employee pool, both in terms of interest and geographical reach, thereby attracting and retaining top-tier talent. In stark contrast, organizations that cling to the traditional 9-to-5, five-days-a-week model risk losing their workforce to more adaptable competitors.

However, this shift towards at least part-time remote and mobile working is not without its challenges. Indeed, a new study from Apricorn sheds light on the security risks that come with this newfound flexibility. Surveying over 600 IT security decision-makers at large companies in the UK and U.S., nearly two-thirds (63%) expressed concern that their mobile and remote workers are likely to expose their organization to the risk of a data breach.

These concerns are well-founded. A shocking 55% of those surveyed reported that their mobile and remote workers have knowingly put corporate data at risk in the past year. Further, the survey found that the top causes of data breaches over the past 12 months were phishing attacks (31%), unintentional insider data loss (30%) and ransomware (29%), highlighting that employee actions are persistently to blame.

Consequently, trust in employees has suffered, with 40% of respondents going as far as to say that their mobile and remote workers don’t care about security.

Three key steps to mitigating employee-driven data breaches

Such statistics are damning, highlighting employees as a significant vulnerability for businesses in today’s landscape.

So, what can be done to address this? Critically, there are three key steps that organizations should be looking to take.

#1 – Education and training
According to Apricorn’s research, training and education are essential starting points. A staggering 73% of remote employees lack the skills and technology needed to keep data safe, despite being willing to comply with security measures. Organizations must bridge this gap between trust and capability by investing in comprehensive training programs to establish a robust and secure data environment.

#2 – Investing in the right technologies
Organizations can also enhance their defenses by equipping employees with the technologies needed to better safeguard data. For example, providing remote and mobile employees with whitelisted, removable USBs and hard drives that encrypt all data in an automated way will help ensure secure data storage both at rest and on the move. This approach allows the organization to vet the hardware in such a way that it can be used in otherwise locked down USB ports Additionally, limiting access to the corporate network via unmanaged devices can reduce the risk of both intentional and accidental breaches.

#3 – Establishing several forms of backup
Thirdly, it’s critical to have backups in place should preventative security measures fail. However, companies shouldn’t simply rely on one form of backup. The 3-2-1 rule offers a simple yet effective strategy to follow: maintain a minimum of three copies of data (one primary and two backups) in at least two different locations, with one dataset stored offline. This approach will ensure that rapid data recovery can be achieved even if networks are compromised, helping organizations quickly resume operations.

Already Taking Steps in the Right Direction
The good news is that despite the rise in employee risk and distrust, organizations are making significant strides in managing the growing risk landscape. Indeed, Apricorn’s research shows that organizations are actively working to rein in responsibility from their employees and better control potential vulnerabilities.

When asked about their information security strategies and policies regarding employees’ use of personal IT equipment for remote work, 54% of IT security decision-makers in the UK and U.S. reported allowing such practices. Further, companies are working to control access to systems and data through installed software, with over half of businesses taking crucial steps to lock down employee device usage and regain control of corporate data.

Data breaches are an unfortunate reality, but it’s encouraging to see organizations now taking proactive measures to mitigate these risks. Indeed, many are clearly implementing more robust controls and investing in advanced technologies to safeguard sensitive information.

With that said, there is more work to be done, with such a transition being especially vital in an era where remote and hybrid working has become the norm.

By using a combination of methods to enhance employee awareness and manage staff responsibilities, organizations can more effectively handle human-led risks in an increasingly remote and hybrid world. Human error is inevitable, but improving awareness and enhancing controls can significantly reduce the likelihood of staff being deceived by increasingly intelligent and

tailored social engineering attacks. Even if threat actors successfully inject malware or steal data for ransom, organizations with the right tools, software, and backup solutions can recover swiftly and minimize downtime.

The key is to be proactive, enhancing workforce resilience and strengthening security to better combat the growing prevalence of cyber threats.

Featured

  • An Inside Look From Napco at ISC West

    Get a look into the excitement at ISC West 2025 from Napco. Hear from some of their top-tech executives live from the show floor. Read Now

    • Industry Events
    • ISC West
  • Upping the Ante

    I am not a betting man in terms of cards, dice, blackjack or that wheel with the black marble racing around the circumference of a spinning wheel, but I would bet on the success of ISC West this year. Read Now

    • Industry Events
    • ISC West
  • It's Show Time

    I am one of those people that likes to see things get bigger and better. As advertised, ISC West is going to be bigger (more exhibitors) and better (more attendees). It’s show time in Las Vegas. Read Now

    • Industry Events
    • ISC West
  • SIA Releases New Report on Operational Security Technology

    The Security Industry Association (SIA) has released an impactful new resource – Operational Security Technology: Principles, Challenges and Achieving Mission-Critical Outcomes Leveraging OST. Read Now

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.