A new study has found that 90% of employees regularly transferred company data onto unencrypted and unauthorized USB devices, putting that information at risk of data breaches.
Dtex Systems’ report analyzed anonymous records of organizations across North and South America, Europe, and the Asia–Pacific region, assessing employees’ awareness of cybersecurity practices. Worryingly, the study also found that:
- 91% of employees accessed their personal email accounts at work, exposing their organization to a greater variety of email-based threats, such as phishing
- Employees at 67% of organizations visited websites notorious for delivering malware, such as online gaming and pornography sites
- Employees at 60% of organizations used virtual private networks to bypass security controls or searched online for how to do this
Christy Wyatt, Dtex Systems’ CEO, said: “While malicious users are always looking for new ways to defy security controls, not all internal risk comes from bad intent. Negligent employees don’t always understand when they are engaged in damaging activities. These trusted users can fall prey to bad actors looking to steal their credentials. The lack of visibility into all types of user behaviors is creating employee-driven vulnerability problems for every business.
“Organizations have to secure data, neutralize risky behaviors and protect trusted employees against attacks and their own errors. To accomplish all of this, they have to see how their people are behaving and have a mechanism that provides alerts when things are go wrong.”
Richard Stiennon, chief research analyst at IT-Harvest, added: “Business needs to get out of the cybersecurity denial phase it is stuck in. To do this, it must accept that it needs more visibility into what’s going on in its environment. This report is a needed reminder of just how oblivious organizations are to high-risk activities that lead to things like data breaches, ransomware attacks and IP theft.”
Help employees help themselves
Organizations will no doubt be frustrated that, amid the growing rise of cyber crime, their own employees pose such a big threat. Educating staff on the ways they potentially expose data helps organizations turn one of their biggest vulnerabilities into an area of strength. You can find everything you need to teach your employees in our Information Security Staff Awareness eLearning Course.
This course aims to reduce the likelihood of human error in your organization by familiarizing non-technical staff with security awareness policies and procedures. It ensures that information assets are better protected, and increases customer and employee confidence in your organization.