Into the Breach: Why Employees Remain the Achilles Heel

  • By Kurt Markley
  • Aug 26, 2024

The past half decade has seen culture and flexibility springboard to the top of employees’ priority lists.

As a recent survey conducted by job site Monster shows, 26% of U.S. workers would alarmingly rather get a root canal than work in the office five days a week, while 38% stated that they would consider quitting their jobs if they were told that they had to work in the office just one day a week.

Employee preferences have to be balanced with the business’ need for in-office teams, therefore more organizations are turning to a hybrid mode that provides for both remote and in-office work. In fact, a May 2024 Gallup Indicators Report on Hybrid Work shows that the majority of organizations - 53% - are taking advantage of a hybrid model.

A hybrid work model that provides some autonomy for employees to choose where to work allows organizations to tap into a broader employee pool, both in terms of interest and geographical reach, thereby attracting and retaining top-tier talent. In stark contrast, organizations that cling to the traditional 9-to-5, five-days-a-week model risk losing their workforce to more adaptable competitors.

However, this shift towards at least part-time remote and mobile working is not without its challenges. Indeed, a new study from Apricorn sheds light on the security risks that come with this newfound flexibility. Surveying over 600 IT security decision-makers at large companies in the UK and U.S., nearly two-thirds (63%) expressed concern that their mobile and remote workers are likely to expose their organization to the risk of a data breach.

These concerns are well-founded. A shocking 55% of those surveyed reported that their mobile and remote workers have knowingly put corporate data at risk in the past year. Further, the survey found that the top causes of data breaches over the past 12 months were phishing attacks (31%), unintentional insider data loss (30%) and ransomware (29%), highlighting that employee actions are persistently to blame.

Consequently, trust in employees has suffered, with 40% of respondents going as far as to say that their mobile and remote workers don’t care about security.

Three key steps to mitigating employee-driven data breaches

Such statistics are damning, highlighting employees as a significant vulnerability for businesses in today’s landscape.

So, what can be done to address this? Critically, there are three key steps that organizations should be looking to take.

#1 – Education and training
According to Apricorn’s research, training and education are essential starting points. A staggering 73% of remote employees lack the skills and technology needed to keep data safe, despite being willing to comply with security measures. Organizations must bridge this gap between trust and capability by investing in comprehensive training programs to establish a robust and secure data environment.

#2 – Investing in the right technologies
Organizations can also enhance their defenses by equipping employees with the technologies needed to better safeguard data. For example, providing remote and mobile employees with whitelisted, removable USBs and hard drives that encrypt all data in an automated way will help ensure secure data storage both at rest and on the move. This approach allows the organization to vet the hardware in such a way that it can be used in otherwise locked down USB ports Additionally, limiting access to the corporate network via unmanaged devices can reduce the risk of both intentional and accidental breaches.

#3 – Establishing several forms of backup
Thirdly, it’s critical to have backups in place should preventative security measures fail. However, companies shouldn’t simply rely on one form of backup. The 3-2-1 rule offers a simple yet effective strategy to follow: maintain a minimum of three copies of data (one primary and two backups) in at least two different locations, with one dataset stored offline. This approach will ensure that rapid data recovery can be achieved even if networks are compromised, helping organizations quickly resume operations.

Already Taking Steps in the Right Direction
The good news is that despite the rise in employee risk and distrust, organizations are making significant strides in managing the growing risk landscape. Indeed, Apricorn’s research shows that organizations are actively working to rein in responsibility from their employees and better control potential vulnerabilities.

When asked about their information security strategies and policies regarding employees’ use of personal IT equipment for remote work, 54% of IT security decision-makers in the UK and U.S. reported allowing such practices. Further, companies are working to control access to systems and data through installed software, with over half of businesses taking crucial steps to lock down employee device usage and regain control of corporate data.

Data breaches are an unfortunate reality, but it’s encouraging to see organizations now taking proactive measures to mitigate these risks. Indeed, many are clearly implementing more robust controls and investing in advanced technologies to safeguard sensitive information.

With that said, there is more work to be done, with such a transition being especially vital in an era where remote and hybrid working has become the norm.

By using a combination of methods to enhance employee awareness and manage staff responsibilities, organizations can more effectively handle human-led risks in an increasingly remote and hybrid world. Human error is inevitable, but improving awareness and enhancing controls can significantly reduce the likelihood of staff being deceived by increasingly intelligent and

tailored social engineering attacks. Even if threat actors successfully inject malware or steal data for ransom, organizations with the right tools, software, and backup solutions can recover swiftly and minimize downtime.

The key is to be proactive, enhancing workforce resilience and strengthening security to better combat the growing prevalence of cyber threats.

Featured

  • Security Today Announces The Govies Government Security Award Winners for 2025

    Security Today is pleased to announce the 2025 winners in The Govies Government Security Awards. The awards honor outstanding government security products in a variety of categories. Read Now

  • Survey: 60 Percent of Organizations Using AI in IT Infrastructure

    Netwrix, a cybersecurity provider focused on data and identity threats, today announced the release of its annual global 2025 Cybersecurity Trends Report based on a global survey of 2,150 IT and security professionals from 121 countries. It reveals that 60% of organizations are already using artificial intelligence (AI) in their IT infrastructure and 30% are considering implementing AI. Read Now

  • New Research Reveals Global Video Surveillance Industry Perspectives on AI

    Axis Communications, the global industry leader in video surveillance, has released its latest research report, ‘The State of AI in Video Surveillance,’ which explores global industry perspectives on the use of AI in the security industry and beyond. The report reveals current attitudes on AI technologies thanks to in-depth interviews with AI experts from Axis’ global network and a comprehensive survey of more than 5,800 respondents, including distributors, channel partners, and end customers across 68 countries. The resulting insights cover AI integration and the opportunities and challenges that exist with regard to security, safety, business intelligence, and operational efficiency. Read Now

  • SIA Urges Tariff Relief for Security Industry Products

    Today, the Security Industry Association has sent a letter to U.S. Trade Representative Jamieson Greer and U.S. Secretary of Commerce Howard Lutnick requesting relief from tariffs for security industry products and asking that the Trump administration formulate a process that allows companies to apply for product-specific exemptions. The security industry is an important segment of the U.S. economy, contributing over $430 billion in total economic impact and supporting over 2.1 million jobs. Read Now

  • Report Shows Cybercriminals Continue Pivot to Stealthier Tactics

    IBM recently released the 2025 X-Force Threat Intelligence Index highlighting that cybercriminals continued to pivot to stealthier tactics, with lower-profile credential theft spiking, while ransomware attacks on enterprises declined. IBM X-Force observed an 84% increase in emails delivering infostealers in 2024 compared to the prior year, a method threat actors relied heavily on to scale identity attacks. Read Now

Most   Popular

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection.