Cybersecurity: Why employees aren’t the weakest link
It seems there is a modern perception across many industries that employees are the weakest links in IT security. And, Technology news website ‘The Next Web’ writes that “given the ever-increasing frequency of data breaches – with human error often being a cause or catalyst – you’d be forgiven for thinking that employees are naturally at fault.”
With the current coronavirus crisis forcing organisations to work remotely and the media reporting increased cybercrime in light of the pandemic, it’s vital that organisations brush up on security and fix any chinks in their security chain.
Organisations must first identify what the real weaknesses are. An option for this is Auxilion’s cybersecurity risk assessment service which assesses and analyses a business’s infrastructure and comes back with results and recommendations in a clear and easy to understand manner.
Putting the blame on employees for breaches in security is easier than blaming technology. Human error is normally down to the actions of a single person, whereas software failure is more complicated to explain, a number of users are usually in some way at fault for the breach, including the software creators, the department managing it or the boardroom members who agreed to implement it?
More often than not, the real culprits of security breaches are neither employees nor technology alone; but rather companies thinking they are more secure than they actually are and have an inefficient security strategy or an unfocused company culture.
“Everyone from entry-level positions to board level, has a role to play in ensuring they and the business are safe from attacks.”
If organisations want their employees to take cybersecurity seriously, they must invest both time and money in building a security strategy and implementing appropriate software. A well-built security strategy will consider and take input from all aspects of the business. Chris Pogue, IT Pro Portal, explains that “a security programme cannot be successful without the commitment, support, evangelisation, and participating of everyone within your organisation”.
Once the strategy development is underway, the next – and most important – step is to adapt the company culture to centre around that strategy. Everyone, from entry-level positions to board level, has a role to play in ensuring they and the business are safe from attacks.
By rooting the security programme into the company culture, employees will begin to adopt the learnings and processes into their daily working routines and have much more respect for business security. And, SC magazine advises that “leaders need to do themselves what they tell their employees to do, even if it’s inconvenient”. If managers preach the importance of security measures and then cut corners themselves, employees may exercise defiance and ignore protocols.
Everyone has a responsibility, whether it’s the receptionist to the c-suite director level. Everyone has a responsibility but it’s back to user education, making sure there’s a clear message, making sure everyone is aware of potential risks and exposure and making sure that those gaps are closed from the bottom up but obviously from the top down.
A complete security strategy that is rooted within the company culture could enable employees to become powerful assets to business security. Contact us today to learn how Auxilion can help you secure your organisation from cybersecurity threats.