Back to Blog

Are Your Employees Exposing Your Entity to Cyberattacks?

Posted by Jim Nulsen on March 28, 2018 at 10:54 AM

“The man who makes no mistakes does not usually make anything.”

Inspiring words from Edward J. Phelps, and certainly in some aspects of life, mistakes need to be made in order to learn and grow. Unfortunately, in the increasingly digitized world in which we live, when people make mistakes online, the things they create are usually very messy and very costly.

Employees play a large role in the state of your organization’s cybersecurity. Here are some tips to help you refine your strategy:

Employee Training

Odds are you have an army of defenses against external threats, such as malware, network attacks, viruses and phishing scams. These walls can be easily scaled if your employees aren’t aligned with your cybersecurity strategies. Did you send a company-wide memo on security? Great. But as we all know, standard policies are often times skimmed through and easy to overlook.

To really capture the attention of your workers and educate them on the nuances of the latest security threats, organizations should be offering frequent and interactive training sessions. According to the Ponemon Institute, employee training is the third-most effective method of decreasing the per capita cost of a breach.

As with shampoo and conditioner, rinse and repeat is the recommended best practice for employee training. A single session is not going to arm your employees with the tools they need to keep up with the constant change in security threats.

Identify and Intervene with High-Risk Users

My mother has a list of passwords for a wide variety of websites she uses taped to her computer monitor because it’s convenient. While risky behavior like that is difficult to detect with analytics software, there are tools available to help organizations identify many common indicators of negligent or malicious activity, including:

  • Inappropriately creating, sending or storing sensitive data
  • Accessing, deleting or moving a large amount of sensitive content
  • Emails and messages that contain extremely negative sentiment against the company

While taking advantage of these types of technologies to close the risk gap against cyber threats, companies need to pay close attention to the issue of privacy, which can create a new set of challenges if not managed correctly.