In this digital age navigating information security can feel like a minefield. Cyber criminals are getting smarter, data breaches are making headlines nearly every day and regulations are due to come into force which could see organisations fined 4% of annual global turnover or €20 million for any given data breach. Whichever is greater. Needless to say cyber security is now high on the agenda for the c-suite. But it’s not just threats from the outside that your organisation needs to be concerned with.
For a long time, cyber security professionals have acknowledged that the weakest link in an organisation’s information security is its employees. Even with the best security system in the world in place, staff still need free reign to carry out their jobs, making the human error element an ever-present challenge within all businesses.
>See also: Is your business too complacent about cyber security?
Over the last couple of years, there’s been a host of data breaches which have been the result of employee ignorance when it comes to security. There have been cases of employees falling victim to phishing emails, login credentials being stolen through social engineering and even instances where employees have downloaded sensitive data to their personal devices, which aren’t encrypted and have subsequently been stolen, exposing that sensitive information.
After all, not all employees in a business can be expected to have the same level of cyber security awareness as an IT professional.
To better understand what’s happening to cause these employee security slips ups, we surveyed over 1000 UK office workers on their use of the cloud, file sharing sites and personal devices in the workplace – areas which have historically fallen outside of the remit of information security systems.
Sharp found that one in 12 people (8%) said they have had access to confidential information that they should not have had. A worrying thought given that not following company policy was commonplace, with a quarter of respondents (24%) admitting to storing work information in the public cloud even though they are not permitted to.
Just under a quarter (23%) of workers use public file sharing services for work information even though they’re not allowed to, and 31% ignore office protocol and take work home to complete.
>See also: IoT boom and GDPR raise the stakes of a cyber security breach
However, security risks from employees are not just limited to digital information; two-thirds of workers (59%) reported that colleagues leave printed pages in the printer tray, significantly increasing the chances of documents being seen by the wrong person in the office.
Installing a strong network security system is a given for any business, but it won’t tackle these people-based security issues on its own. Technology can only get you so far. The adoption of robust data protection policies and practices needs to be a priority. And with cyber security a growing item on the c-suite agenda, thanks to the incoming General Data Protection Regulation (GDPR), it’s critical that employees are educated on everyday risks they could be inadvertently opening their organisation up to now, before it’s too late.
Sourced by Stuart Sykes, managing director at Sharp Business Systems UK
The UK’s largest conference for tech leadership, Tech Leaders Summit, returns on 14 September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here
