Cybersecurity is a crucial part of any business, but new research shows employees are overwhelmingly trying to skirt online precautions to access blocked websites or services.
One report from Dtex Systems showed 95% percent of organizations have employees trying to get around security measures in their workplace.
According to the report, employees were using virtual private networks (VPNs), surfing the web anonymously through browsers, and using hacking programs like Metasploit, which tests system vulnerabilities. Many employers put these parameters in place for productivity reasons, and this research proves employees are getting smarter about how to bypass these measures.
The Dtex report also finds that security breaches in companies are largely the result of employees, with 60% of breaches credited to insiders. Of those insider breaches, 68% are due to neglect, 22% are malicious attacks and 10% are caused by stolen credentials.
One of the alarming insights from these insider breaches has to do with employees storing information on cloud services, an incredibly popular way to save data these days. Sixty-four percent of companies found corporate information publicly available online because it was sourced from a cloud service. A large number of employees, 87%, are using their personal, web-based email accounts on company computers and devices, which opens up company data to hackers.
In addition to neglectful online practices, the report found inappropriate internet use among employees in the workplace. Almost 60% of companies surveyed found employees accessing pornographic material during work hours, and 43% found them partaking in online gambling.
Another study from Willis Towers Watson, an advisory company, had very similar findings. Its study shows two-thirds of the cyberattacks on companies result from employee negligence or malicious activity, and only 18% are the result of external breaches.
When it comes to protecting company information, it is very important to focus on human resource data and applicant tracking data. This type of information is the focus for many hackers, because selling personal information is lucrative on the black market.
The personal information in HR systems includes Social Security numbers, bank information and other data that hackers can sell to steal identities. And hackers can get a whole crop of this information if they get access to an entire HR database, making these very vulnerable places when it comes to company cybersecurity.
Kimberley Smathers, the director of information security and compliance at Jobvite, lays out a few ways to ensure HR data is safe. One thing to ask hosting services in charge of HR data is where they host their data. If it's in the cloud, an increasingly popular choice, make sure they take other precautions to protect this data.
To ensure these precautions will happen, she suggests asking if the hosting service has any certifications. If the provider has a certification, this means an independent auditor verified them as credible, and that's something a company wants when it comes to ensuring security.
These tips are for protecting against larger threats, but as these various reports show, most security issues come from human negligence.
HR Dive looked into ways companies can encourage better security habits among its employees to avoid phishing and spoofing attacks.
One of the suggestions from cybersecurity expert Michael Overly, partner at Foley & Lardner, is to know how your employees are storing data. How are people storing, working on and deleting data? Once this is established, IT experts can put in place the correct encryption and security options in place.
Overly also suggests monitoring activity, and noticing if employees are logging on at strange times or for prolonged periods, and checking to see what they are working on. Monitoring social media use and software downloads also helps protect company data from outside hackers.
BenefitsPro
Complete your profile to continue reading and get FREE access to Treasury & Risk, part of your ALM digital membership.
Your access to unlimited Treasury & Risk content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Thought leadership on regulatory changes, economic trends, corporate success stories, and tactical solutions for treasurers, CFOs, risk managers, controllers, and other finance professionals
- Informative weekly newsletter featuring news, analysis, real-world case studies, and other critical content
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the employee benefits and financial advisory markets on our other ALM sites, PropertyCasualty360 and ThinkAdvisor
Already have an account? Sign In Now
*May exclude premium content© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.