Employee data sharing is still a cybersecurity weak link at small businesses
The statistics from a recent survey tell us businesses still have a challenge with cybersecurity behavior of their employees. Dell End-User Security Survey 2017 discovered that for small businesses:
54% of employees connected to public Wi-Fi to access confidential work
68% used personal email accounts for confidential work
22% lost a company-issued work device
All these behaviors can cause cybersecurity breaches for a small business. Hackers can easily access your network while an employee is connected to a public Wi-Fi. Most personal emails are not as secure as business email network so the opportunity for a hacker to gather confidential information on your employees or customers is greater. A lost device can be easily hacked by a cybercriminal.
The survey also found that 55% of US employees use a company issued device to access social media at work. Those entertaining surveys that people like to complete on social media may be sponsored by a cybercriminal that is gathering information about your employees, their associates and your company. A question asking who you admire most in your organization may be a way to identify other internal targets. Several seemingly innocuous questions may together create a summary for a hacker that he can leverage with other data he has collected.
Many employees want to do what is right for their company, but 21% feel IT security measures slow down their productivity. Employees feel the pressure to be efficient vs be cyber safe.
And potentially even more concerning is the survey discovered that more than one in three people said it is common to take confidential information with them when they leave a company. Your network, your customers, and your employees may be at risk when a former employee takes confidential information with them.
When asked if employees feel they fully understand how to keep sensitive company data safe, less than 40% agreed. That leaves over 60% feeling they don’t fully understand.
What can businesses do? Continued tailored education is needed. The Dell survey recommends that companies develop scenarios in their training that provide specific guidance on how to handle various situations. Cybercriminals continue to try new approaches to gather personal confidential information and to intrude into your network. Help your staff learn about new techniques used by the cybercriminals and defenses your employees can use. Make it realistic, make it personal and make it current.
About the Author - Carolyn Schrader is a seasoned cybersecurity professional and founder of the Cyber Security Group Inc., providing corporate cybersecurity services to high profile clients.