NetworkTigers discusses employees as the weakest link in business network security.
One of the greatest risks a business can face often comes from within: employee-driven cyber security threats. The average cost of human error in cyber security is $3.33 million. Most businesses cannot afford this kind of astronomical figure, but even smaller breaches can add up quickly.
While human error has always been an enormous risk to keeping data safe and secure, in recent years the threat has only grown. Remote work, a current trend in the market due to the threat of COVID19, has been tied to an increased cybersecurity risk for businesses. Hackers, always adept at exploiting human fallibilities, have become bolder in their efforts to target bored remote workers looking to download content online. Additionally, making more and more key data available to employees logging in through disparate internet connections has only sweetened the pot for cybercriminals. The takeaway? Your business likely needs increased cybersecurity technology and planning in order to rise to the challenge.
Rise in Remote Work Leads to Increased Risk
As more and more employees log in from remote offices or hybrid work spaces, your business network is being accessed from a series of unsecured and possibly compromised network connections. Every member of your employees’ households now constitutes a very real business risk, possibly jeopardizing your hard-won proprietary data and customer information.
According to surveys, 70% of office workers report using their work laptops for personal use. Some of the activities for which employees say that they use their work devices include:
- Streaming: 36% admit to using work phones or laptops to stream content, such as television shows or movies. The numbers become even more alarming among millennial office workers. Among the age group of those 18 to 24, the figure of those who admit to work device streaming rises to 60%.
- Playing games: The parents of young children may be particularly at risk when it comes to allowing game playing on their work devices. 43% of remote workers with children ages 5-16 say that they play games themselves or allow games to be played by their children on work devices.
- Remote learning: 40% say that they have used work devices to complete homework or for online learning in the recent past. The parents of children ages 5-16 report doing so even more frequently, with 57% saying dedicated devices are used for home learning as well as work.
Overall, 33% say that they download content more regularly from the internet now than they did before the pandemic. Additionally, over one third of remote workers admit to allowing other people free rein on their work devices. 85% of IT leaders say that this kind of behavior constitutes a concerning security risk.
New Hacking Techniques Target Employee Behavior
Rest assured, hackers are taking note of these changes in behavior. Remote work is in some ways a perfect storm for inventive hackers. Just as employees are using less secured and more diverse internet connections, they also are often needing to access more and more data over these networks. Confidential information that could be shared in one-on-one settings, or on paper, is now shared almost exclusively over a VPN or cloud connection.
Some of the biggest new cyber security threats are often disguised as downloadable content, or being hosted on streaming and gaming platforms. For example, cyber security analysts with KuppingerCole report a 54% increase in phishing attacks and other malware tied to gaming platforms like Fortnite.
Human Error and Network Security
Even before the pandemic, however, employee error was always one of the biggest threats to network security. Simply put, not every employee is a data security expert, but almost every employee has internet access. While some errors are due to inattentiveness or laziness, such as not updating key software, installing a risky app or downloading non-work content on a work laptop, others are simple accidents. Most scams and schemes are constructed to look like legitimate work problems that may arise during the course of business.
Company emails, for instance, are one of the greatest areas of risk. 71% of all cyber crime attacks are currently thought to take place as phishing scams. Oftentimes, employees who fall for one of these common cyber crimes think that they are just doing their job. An email arrives from a client or vendor that seems legitimate. It might contain an invoice on convincing letterhead, a request for payment, or sound like a frustrated customer requesting a refund. The employee responds with due diligence, and without realizing it has perhaps exposed their company to a hacker-driven data breach.
Keep Your Company Safe, and Your Employees Educated
One of the best ways to ensure network security is to work with your employees to make doing so a priority. Implement data security training programs that empower employees to recognize fishy emails or requests. Increase transparency, so that employees have a sense of what is business as usual, and what seems suspicious. Foster a supportive company culture, so that employees feel comfortable reporting data hacks and issues as soon as possible, even if they may have stemmed from being duped or distracted while at work.
You may also want to consider using a VPN, or other secure network, to help keep remote work a feasible option for your company. Speaking with network professionals can help you pinpoint weak areas in your network security plan, and upgrade where necessary to keep your business safe.