A recent study by the Ponemon Institute reveals some of the security headaches that business executives face with employees and risk management practices. The study shows why employees can be one of the main reasons for breach within a company and why best security practices and policies don’t end up working to ensure proper steps are taken to secure an organization from threats.
Out of 1,000 IT pros surveyed, 54% of them find negligent employees to be the root cause of a data breach. Out of this number 59% say they do not have visibility into their employees’ password practices. However, only 43% of security pros have a password policy in place and 68% say they do not strictly enforce their policy or are unsure.
With this being the case, it isn’t surprising that employees can end up being the cause of a breach. It is also no shock that security executives aren’t enforcing policies or are unsure of whether or not the policies are being met. At the same time, without being sure of password practices and not enforcing any policies, organizations can’t expect different employee password choices.
Also, the point of securing an organization isn’t to slow down business operations, which is probably why those leading security within an enterprise find themselves at a crossroads in enforcing password policies.
You want to maintain harmony, while educating those who work within the organization. So, instead of focusing on implementing password policies the next best solution for organizations is to proactively keep eyes on the network, train employees to recognize threats, and get employees into the habit of not clicking on any link or downloading all attachments from an email.
Day-to-day reminders of how to get into the natural habit of being aware of potential threats as they work is one of the ways security pros can overcome the problems with employee password habits when they have no way of implementing better password practices. It also assists in another security headache the study revealed, which is the rise of ransomware.
Within 3 to more than 12 months, 51% of organizations experienced either an unsuccessful or successful ransomware attack. Out of this number, 53% of organizations had more than one ransomware attack during this period and 79% said the ransomware was spread through a phishing/social engineering attack.
With small and mid-sized businesses becoming huge targets for hackers it is important to add to your security training, measures that allow you to evaluate your network’s vulnerabilities. For this reason, your organization should conduct routine security assessments.
There are many steps organizations need to take when thinking about security against today’s cyber risks; and even though negligent employees are considered the weakest link for many executives, it isn’t enough to provide security training to ensure overall enterprise protection. A holistic security approach is what leads to a true sense of security, especially when risks vary in shape and size.
Give us a call to conduct your next security assessment or to talk about your security needs.
Photo courtesy of iQoncept