Into the Breach: Why Employees Remain the Achilles Heel

  • By Kurt Markley
  • Aug 26, 2024

The past half decade has seen culture and flexibility springboard to the top of employees’ priority lists.

As a recent survey conducted by job site Monster shows, 26% of U.S. workers would alarmingly rather get a root canal than work in the office five days a week, while 38% stated that they would consider quitting their jobs if they were told that they had to work in the office just one day a week.

Employee preferences have to be balanced with the business’ need for in-office teams, therefore more organizations are turning to a hybrid mode that provides for both remote and in-office work. In fact, a May 2024 Gallup Indicators Report on Hybrid Work shows that the majority of organizations - 53% - are taking advantage of a hybrid model.

A hybrid work model that provides some autonomy for employees to choose where to work allows organizations to tap into a broader employee pool, both in terms of interest and geographical reach, thereby attracting and retaining top-tier talent. In stark contrast, organizations that cling to the traditional 9-to-5, five-days-a-week model risk losing their workforce to more adaptable competitors.

However, this shift towards at least part-time remote and mobile working is not without its challenges. Indeed, a new study from Apricorn sheds light on the security risks that come with this newfound flexibility. Surveying over 600 IT security decision-makers at large companies in the UK and U.S., nearly two-thirds (63%) expressed concern that their mobile and remote workers are likely to expose their organization to the risk of a data breach.

These concerns are well-founded. A shocking 55% of those surveyed reported that their mobile and remote workers have knowingly put corporate data at risk in the past year. Further, the survey found that the top causes of data breaches over the past 12 months were phishing attacks (31%), unintentional insider data loss (30%) and ransomware (29%), highlighting that employee actions are persistently to blame.

Consequently, trust in employees has suffered, with 40% of respondents going as far as to say that their mobile and remote workers don’t care about security.

Three key steps to mitigating employee-driven data breaches

Such statistics are damning, highlighting employees as a significant vulnerability for businesses in today’s landscape.

So, what can be done to address this? Critically, there are three key steps that organizations should be looking to take.

#1 – Education and training
According to Apricorn’s research, training and education are essential starting points. A staggering 73% of remote employees lack the skills and technology needed to keep data safe, despite being willing to comply with security measures. Organizations must bridge this gap between trust and capability by investing in comprehensive training programs to establish a robust and secure data environment.

#2 – Investing in the right technologies
Organizations can also enhance their defenses by equipping employees with the technologies needed to better safeguard data. For example, providing remote and mobile employees with whitelisted, removable USBs and hard drives that encrypt all data in an automated way will help ensure secure data storage both at rest and on the move. This approach allows the organization to vet the hardware in such a way that it can be used in otherwise locked down USB ports Additionally, limiting access to the corporate network via unmanaged devices can reduce the risk of both intentional and accidental breaches.

#3 – Establishing several forms of backup
Thirdly, it’s critical to have backups in place should preventative security measures fail. However, companies shouldn’t simply rely on one form of backup. The 3-2-1 rule offers a simple yet effective strategy to follow: maintain a minimum of three copies of data (one primary and two backups) in at least two different locations, with one dataset stored offline. This approach will ensure that rapid data recovery can be achieved even if networks are compromised, helping organizations quickly resume operations.

Already Taking Steps in the Right Direction
The good news is that despite the rise in employee risk and distrust, organizations are making significant strides in managing the growing risk landscape. Indeed, Apricorn’s research shows that organizations are actively working to rein in responsibility from their employees and better control potential vulnerabilities.

When asked about their information security strategies and policies regarding employees’ use of personal IT equipment for remote work, 54% of IT security decision-makers in the UK and U.S. reported allowing such practices. Further, companies are working to control access to systems and data through installed software, with over half of businesses taking crucial steps to lock down employee device usage and regain control of corporate data.

Data breaches are an unfortunate reality, but it’s encouraging to see organizations now taking proactive measures to mitigate these risks. Indeed, many are clearly implementing more robust controls and investing in advanced technologies to safeguard sensitive information.

With that said, there is more work to be done, with such a transition being especially vital in an era where remote and hybrid working has become the norm.

By using a combination of methods to enhance employee awareness and manage staff responsibilities, organizations can more effectively handle human-led risks in an increasingly remote and hybrid world. Human error is inevitable, but improving awareness and enhancing controls can significantly reduce the likelihood of staff being deceived by increasingly intelligent and

tailored social engineering attacks. Even if threat actors successfully inject malware or steal data for ransom, organizations with the right tools, software, and backup solutions can recover swiftly and minimize downtime.

The key is to be proactive, enhancing workforce resilience and strengthening security to better combat the growing prevalence of cyber threats.

Featured

  • Teaching Old Dogs, New Tricks

    After more than 30 years in the security integration business, today’s video surveillance systems are certainly not the same CCTV systems I sold and installed when I first started hanging cameras. Back in the day, there were only a handful of companies out there and one that started with a “P” stood above the rest. If you were fortunate enough to get invited to travel on their private jet out to California to tour the factory, it was a real honor. I have a picture somewhere in my garage collecting dust, of me sitting in the co-pilot seat. I know, old-man highlights, but still very cool. Read Now

  • Learning to be a Strategic Skeptic: Promoting Critical Thinking, Digital Literacy

  • Why Communication is Key in an Emergency

    During an emergency, communication with the outside world can be a critical component when it comes to response time and saving lives. Emergency communications typically consist of alerts and warnings; directives about evacuating the premises; information about response status, and other matters that can impact response and recovery. Read Now

  • Trust But Verify

    Today’s world is built on software—whether it is third-party applications, open-source libraries, in-house developed tools, operating systems, containers or firmware. Organizations worldwide depend on these diverse software components to power their operations, connect with customers, and drive innovation. However, this reliance on software comes with hidden dangers: the blind trust placed in these software products. Many companies assume that the software they purchase, and use is secure and free from vulnerabilities, but recent high-profile software supply chain breaches have proven otherwise. The reality is that every piece of software, no matter how reputable the source, increases the organization’s attack surface and poses new risks. Read Now

Most   Popular

Featured Cybersecurity

Webinars

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file. 3

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3