Employee Security Ignorance an Issue

Monday, November 9, 2015 @ 04:11 PM gHale

Training is a vital aspect moving forward when it comes to security. There is technology out there that can help hold off intruders, but not enough people either care or have the understanding of how to use it.

That is evident between employees and IT within an organization with 73 percent of U.S. employees saying their company provides sufficient training, while 72 percent of IT professional believe employers are not doing enough to educate employees, according to a survey conducted by research firm, Loudhouse.

Threat Report: Mobile Attacks on Rise
Vulnerabilities in Web Security Certificates
Malware Growing by the Minute
Malware Masquerades as Chrome

This research, conducted by polling over 500 IT decision makers and 4000 employees to gauge the level of threat from insiders, underscores the need for more collaboration between the executive team, IT, HR and other employees within an organization to ensure the safety of sensitive information and intellectual property (IP).

“Most employees are not acting maliciously, but their carelessness can be just as damaging,” said Heath Davies, chief executive at Clearswift, which sponsored the survey. “Companies need to wake up to the fact that employees have the potential to cause the company huge damage through their actions, and ensure that training, policies and technology are in place to minimize that risk. Those sitting on the board need to sit up and pay attention; critical information needs to be governed at the highest levels or it could jeopardize the future of a company.”

Other key findings from the study include:
• 62 percent of businesses worldwide think their employees don’t care enough about the implications of a security breach to change their behavior
• 57 percent said they need to make employees care more about the ramifications of a breach, explain the risks and talk about cases in the media
• 10 percent of employees have lost a device containing sensitive business information
• 12 percent have used Shadow IT without authorization
• 37 percent of respondents said they have access to information that is above their position in the company
• 45 percent of U.S. employees recognize that IP could damage their company if leaked.

Intellectual property can include new code for software products, trade secrets, designs or strategic plans, and can be very costly to lose if not protected by patents. 56 percent of employees in the U.S. have access to IP at work. Should information like this end up exposed, other companies could use it to generate similar products, reducing the competitive advantage of the original developer. Less than half of U.S. employees recognize IP could damage their company if leaked, and therefore it is unlikely they are taking the appropriate precautions to protect it.

The results of this study demonstrate the need for security within an organization to end up implemented across the board, and from the first day any new hire starts work. Executives must make security a top priority in order to avoid mistakes that can lead to the loss of valuable data, costing the company money. Improperly trained staff are at risk of clicking on phishing links that invite attackers in, or inadvertently sending out information hidden within documents and metadata.