After the rise of the coronavirus, the workplace has changed forever. Hybrid working, and even working from home completely, has become the new norm and the most convenient way of completing projects, devising strategies, and building budgets. This is definitely progress post-pandemic, but it comes with its own set of challenges.
For example, how secure is your internet connection at home when working with sensitive company data? How many people (and kids, in particular) use an employee’s personal computer at home and are they sensible enough to not tamper with any official files?
Most companies have security protocols in case of an outside attack, but what they often don’t realize is that the largest threat is usually from within. Almost every security breach reported is pinned on human error – a fact that suggests the employees are the ones mostly at fault. This is, in part, due to the organizational culture and lack of a proactive approach towards cybersecurity.
Cyber attackers use highly sophisticated methods of targeting front-line employees and even CEOs. Information is available publicly – for example, LinkedIn and even the company website contain details like email addresses, work history, connections, education, etc. – which makes it easier for attackers to make personalized attacks.
Attackers can use the employee as a touchpoint to exploit sensitive company data, and an employee who is not sufficiently educated in cybersecurity can fall victim to such spear-phishing. Identifying a cyber attack is much harder than avoiding one in the first place. That is why 95% of security breaches are blamed on human error, proving people to be the weakest link in cybersecurity.
Organizations invest heavily in beefing up their cybersecurity, which includes VPNs, encryption, antivirus software, scanning, and whatnot. But the question is: how much are they investing in their people? An annual cybersecurity conference has proven to be mostly ineffectual, and bombarding people with information at a time they are feeling overwhelmed is also not recommended.
Organizations need to come up with new ways to increase cybersecurity awareness in their employees. In this digital age, employees assume that the company will have ample measures in place to protect itself. They don’t realize the dangers of clicking on rogue links and opening unverified attachments – actions which can play a significant role in a security breach.
While technology can filter out most attacks, it cannot eliminate every threat. Employees represent the last line of defence and they should be educated on cybersecurity, how to deal with potential threats, and how to report them. For this reason, leaders of an organization have the challenge of presenting this information in a way that is easy to understand and retain, because making good cybersecurity decisions is the last thing on an already overwhelmed employee’s mind.
The important takeaway from this discussion, though, is that employees should be seen as powerful security assets rather than risks. Companies cannot rely on retaliation alone anymore; a company culture of awareness and proactivity needs to be nurtured in order to provide greater overall protection.