Data center experts have known for some time that employees have been among the top concerns when it comes to vulnerabilities to cyberattacks.
However, a recent report revealed that the problem may be more extensive than previously suspected. According to QinetiQ, companies are vulnerable to many cyberattacks because they don’t have an understanding of how to manage employee behavior — from negligence to more purposeful intrusions.
The British company said that programs designed to equip employees to be alert about security risks are essential as part of efforts to cut down on cybercrime. According to data gathered from enterprise companies, 90 percent reported experiencing some type of security breach in 2015. In addition, 81 percent said employees’ actions contributed to the vulnerabilities.
A recent IBM report also revealed a similar pattern; it indicated 95 percent of incidents that were investigated in 2013 could be traced to human error.
Addressing the weak link
To minimize the impact of cyberattacks, a policy must be implemented to address security risks.
“To educate and influence the behaviour of employees is to restrict the easiest attack route into a business,” said Simon Bowyer, a QinetiQ senior consultant. “When employees have a natural inclination towards security by virtue of an integrated company ethos, they are motivated to remain alert to risks and unusual behaviours.”
Here are several tips to minimize security risks caused by employees:
1. Educate employees about cyber attacks. Don’t assume your employees have the same concerns about cybercrime as you do. Without regularly putting employees on alert about cyber threats and the extensive financial damage it can cause, there’s little reason for them to be diligent about taking measures to secure company data.
2. Implement strict password guidelines. Effective passwords are core components of a security system. Make sure that they are complex, requiring a mix of numbers, letters and symbols, and that employees aren’t lax about sharing their passwords. Set up a policy that requires that they regularly update them as well.
3. Limit access to sensitive data and equipment. Determine which employees should be allowed to have access to sensitive data and data center equipment. As part of that policy, determine the level of access the employees should have, ensuring that proper measures are in place to protect employee and customers’ personal information.
These are just a few ways companies can minimize the risks associated with employees exposing your operations to vulnerabilities to cyber attacks. Seek the advice of a data center expert to develop a comprehensive plan.