Data breach! The phrase itself is enough to make even the most seasoned IT or security professional cringe. Hackers who exploit weaknesses in your security represent one of the most nefarious dangers to your business, employees, and clients.
These aren’t over-exaggerated claims, either. World famous businessman, Warren Buffet, stated that cyber crimes were the number one problem with mankind, even listing it as a bigger threat than nuclear weapons. According to the newest statistics and predictions for 2018, cyber crime is only expected to increase.
What’s even more frightening? Left to their own devices, your own employees pose your greatest risk.
Did you know that 99% of employees neglect best practices in security, thereby increasing the possibility of data breaches in their work place? Think about that figure.
99% of Office Workers Commit Actions that Dramatically Increase the Likelihood of Workplace Data Breach.
– Intermedia Data Vulnerability Report
If only 1% of employees routinely use best practices, your data is wide open to threats. While there are cases of insider threats spawned by malicious employees, the most common type of employee threat stems from a lack of following best practices rather than maliciousness.
It’s up to you to arm your employees with tools that enable them to follow security best practices. That means they need to want to use the security products you provide, and those products need to create positive security behavior changes.
Employee Behavior That Hinders Security
There are a number of reasons that employees don’t use best practices with regard to security.
The most significant reason? Experts point to the inconvenience of security as the most influential factor in employees ignoring their security training and even common sense.
Following safety protocols can mean a few extra steps in their routine. It’s easier for employees to reuse the same passwords across various sites or to set themselves as constantly logged in, rather than inputting a strong password each time they access a database. The same goes for sharing or storing passwords in plain text on their computer or on a notepad sitting on their desk
When it comes to storing and sharing data and saving login credentials, employees prioritize personal convenience over security protocols.
– Intermedia Data Vulnerability Report
Employees are knowledgeable enough to recognize that their actions don’t meet security standards. Yet, they choose to disregard the best practice for a solution that’s easier or streamlines their workflow.
It’s not that they don’t know what to do. It’s that the tools they’ve been given to defend themselves and the organization aren’t user friendly and don’t adhere to the same design principles as the apps and software they love using on a daily basis (like DropBox, Google Docs, or even Facebook).
Security needs to be made easy.
Here are a few of the more common actions employees take that are a risk to your security:
- Accessing files on personal devices. Many employees don’t think that this is a security risk. They believe that the company would be a higher risk target than the individual employee. It’s far easier for cyber criminals to hack an individual person and they often target employees as a way to gain access to the company databases.
- Keeping login information for sensitive accounts saved on their computers. Many employees keep their passwords saved on their computer so that they do not need to manually log in to their most used databases and sites. This practice is dangerous for numerous reasons. Employees should need to log in every time they access a database, and should never store passwords in plain text on notepads or Word docs.
- Using a personal password for business accounts. A lot of people stick with similar passwords so that they have an easier time remembering what it is. Best practice is not to reuse the same password at all. If one site is accessed or suffers a data breach, it can impact every account using the same password.
- Opening suspicious emails or downloading programs from unsecured sites. Employees should not be able to download programs onto their computer at all. The task of updating or installing new programs should be universal throughout the company and, ideally, a decision left for the IT department. In a company where the computers are all networked, accessing one entry point can leave the entire company at risk.
Training and education help shore up some of the areas where employees fail to use best practices to prevent a data breach. But employees will still often opt for convenience over security.
Staff needs to concentrate on maintaining productivity. Many employees have an abundance of work but a limited amount of time. This dynamic makes some employees prone to cutting corners that seem insignificant.
The question is obvious: how do you identify a tool that works seamlessly with employee workflows, is easy to use, and helps enable strong employee security behavior?
Employing a Password Manager to Merge Security and Convenience
There is a lot of information to back up the assumption that convenience is the driving force behind some of the lapses in known cyber safety measures. A password manager offers one excellent solution to make the password protected areas of your company more secure, and yet convenient for your staff to access.
This solution should be used in conjunction with other efforts, such as continued training and comprehensive security protocols. But, when you consider that weak or stolen passwords are at the root of 81% of hacker instigated data breaches, improving password efficiency should be a top priority.
A good password manager helps employees create and maintain strong passwords for every account at work and at home. It can alert them when they’re using a password that’s not secure or complex enough and assist them in changing passwords to a higher threshold of security. It can also securely auto-fill their logins so that they don’t need to keep a written record of passwords, which is also a hazard to safety standards.
The application enters your user name and password without prompting. It generates strong passwords and is a fluid application – I use it at work and at home – a perfect compliment to my daily online activities.
– Larry B., long-time user of a password manager
This tool offers all of the convenience they experienced in the lax and unsafe practices, but with increased security. Password managers also allow the company to assess how well employees adhere to safety protocol. This tool offers a number of benefits to help eliminate one of the higher threats posed from employee negligence in cyber safety.