According to Verizon’s 2022 Data Breach Investigations Report (DBIR), 82% of data breaches involved the human element. When that percentage is used to determine how many of the 1,802 data breaches in 2022 could have been avoided if human error were not a factor, the number is an eye-opening 1,478. That makes a compelling case for ensuring employees are working in a cybersecure way.
Taking steps to reduce human error can help protect both physical and digital security in an enterprise. Providing employees with cybersecurity training is an effective way to empower them to become one of the strongest links in the chain of cybersecurity, not the weakest link.
When it comes to creating a cybersecure culture, enterprises must train employees on best practices for both physical security and digital security.
Physical Security
Physical security should work hand-in-hand with digital security to protect sensitive company information and data. Enterprises should focus on training employees in physical security best practices and how to avoid physical security errors.
One of the most basic ways to ensure physical security is training employees to identify and report suspicious individuals and activities.
Employees should also understand the security risk of leaving sensitive documents in plain view. Busy employees can sometimes leave sensitive documents unattended on desks or printer trays where anyone could view or take them. Educating employees on the security risks of this behavior will help them stay mindful of it and avoid it.
When it comes to keeping sensitive information from prying eyes, employees should also be reminded to keep log-in information out of sight.
Employees should also learn the importance of preventing tailgating (an unauthorized person following them through a secure door). If a cybercriminal gains physical access to a space, enterprise data and systems become vulnerable to compromise and theft. Making employees aware of tailgating will help reduce the incidence of unverified people entering the building.
Another way to increase physical security is by educating employees to follow proper procedures such as remembering to lock cabinets and doors, making it a practice to log out of applications and networks when away from their computers, and avoiding connecting an unfamiliar device to the network.
Digital Security
Providing employees with secure digital tools and cybersecurity training is also vital to protecting enterprise data and assets.
One of the best ways organizations can help employees remain cybersecure is by providing them with secure-by-design communication and collaboration platforms. Equipping employees with full-featured mobile messaging and collaboration tools with built-in security, control, and compliance is a business-critical essential for keeping external threats out and protecting data security and privacy.
Another key to keeping data secure and employees safe is to ban the use or download of unauthorized applications. Enterprises should educate employees on how something as seemingly harmless as downloading and using a consumer-grade collaboration app can put the organization’s security at risk, providing a gateway for cybercriminals to access sensitive company systems and data. Once a threat actor has this access, they can attack smart building systems and connected IoT devices used in the organization.
To avoid data breaches, it is important for employees to get in the habit of creating strong and unique passwords. This is a critical best practice considering that weak passwords were the root cause of 81% of all data breaches, according to the Verizon DBIR. Organizations should require regular password changes and advise employees to avoid using the same password for multiple accounts. Password managers can be used to eliminate the need for employees to create and remember strong passwords.
Beyond creating strong passwords, enterprises should educate employees on basic security practices such as recognizing, avoiding, and reporting phishing attacks; avoiding clicking on suspicious emails, links, and pop-ups; and keeping software up to date.
Employees play a vital role in strengthening physical and digital security in an organization. Enterprises that don’t focus on training employees in fundamental security best practices do so at their peril, considering the average cost of a data breach is now $4.35 million.
There is no question that to be human is to err. However, in an environment of relentless cybersecurity attacks, reducing human error is essential to protecting business data, revenue, and reputation.
Anurag Lal is the CEO and President of NetSfere, a secure enterprise communication platform.