Employee Negligence, Remote Working and Data Security
The recent attack on SolarWinds has been enough to prove that negligence remains one of the key causes in major breach incidents in our modern-day cyber world, accounting for 90% of data breaches (CybelAngel).
It’s no secret that data breaches can be damming to businesses. With news readily available to consumers, it’s estimated that 83% are aware of their retailers’ recent data security breaches. Over half of consumers say that a single data breach would negatively impact their likelihood of buying (Deloitte).
This is a crucial point for where businesses need to take note when establishing their budget for cyber and data security: data breaches have a direct knock-on impact to sales and consumer relationship, impacting a business’s bottom line. That’s an aside from resulting data breach fines and compensation.
But what do these incidents look like? According to a 2018 report from Shred-It, remote or off-site devices used for work pose a monumental risk to network security. In their study of the theft or loss of the remote devices in enterprise businesses, 34% were company mobile phones, 28% were electronic storage devices (hard drives, USBs etc.), 24% were physical papers with sensitive intel on, and 20% were company laptops.
A lost, stolen or compromised work device in the hands of a hacker can give them easy direct access to an array of different information dependent on the privilege of the stolen user’s access; this could be financial or personal data on employees, clients, customers, suppliers etc. In a Haystax survey of IT leaders, 60% remarked that privileged users with access to sensitive company information posed the biggest risk to the business (C-level executives and managers). That being said, 51% considered regular employees a large threat, and 57% external consultants or contractors. According to the Shred-It survey 1 in 5 small business owners reported that an external vendor was the cause of a data breach in their company.
Even a stolen email credential could prove disastrous to a business. Take the data breach of Snapchat in 2016 as an example; the payroll information of just over 700 current and previous employees was exposed after a cyber-attacker marauded as the company’s CEO, Evan Spiegel, tricking an employee to EMAIL over the information.
There’s a great deal still left to be said about the communication and connection between IT teams and employees, especially when it comes to the widescale adoption of home-working that companies have been forced to adapt to. A report from Tessian found that the majority of IT teams (91%) have a lot of trust in employees to adhere to safe remote-working policies put in place by the company. Sadly, around half of employees, when asked, said they were less likely to follow safe data practices when working from home.
So how can the gaps be bridged between ensuring safe remote-working practices, reducing the data breach risk posed by employee negligence, and keeping data secure when employees operate from home?
The key solution is for IT teams to take more control over the variable risks that could surface from unsecure or exposed endpoints – like the ability for unfamiliar personal devices to have access to the company network. Setting up an MDM or BYOD programme throughout the organisation can help to mitigate risks from suspicious email links, websites or WiFi networks. It can also afford the ability to remotely access devices from afar (particularly useful in a world where we are working apart), in order to patch any vulnerabilities or shut off network access from a lost or stolen device.
To find out more about how Serbus can assist in securing your remote workers and ensure an advanced level of protection on your devices, get in touch today by emailing [email protected], or call our office on +44 (0)1432 870 879.