Negligent employees are considered to be the biggest cybersecurity risk as they are most likely to cause data breaches among organizations in the United States, a new study has revealed.
Ontario-based information security firm Shred-it released a report on Tuesday, June 20 revealing what business leaders think towards their employees as a risk factor. It turned out 47 percent said human error, like loss of a document or device, committed by employees resulted in a data breach at their organization.
Based on the responses from more than 1,000 small business owners and C-level executives, the company stressed employee negligence poses a major security threat, even "seemingly small habits."
"When you use paper to document notes or meeting minutes it raises the risk of you leaving that information behind," Shred-it Vice President Monu Kalsi noted, citing a Department of Homeland Security employee who left a classified Super Bowl security documents on a plane.
The ramifications of a data breach would range to varying degrees, and if worse comes to worst, an organization could meet its demise. What is certain, it may have a negative effect on the company's branding, like slashing its market value.
According to a separate study by Ponemon Institute in 2017, an average of $3.6 million was lost to data breaches in companies.
Some culprits mentioned by Shred-it include leaving computers unlocked, connecting to a public or unsafe internet connection in the case of companies with remote workers, and even leaving notes unattended on one's desk.
Kalsi noted of the importance of giving its employees the proper training on information security:
For companies looking to better protect their data, smart information security begins with giving employees access to smart information security practices and training. Through consistent training and education, businesses of all sizes can take back ownership of information security and create a more security-minded work culture among their employees.
Hence, organizations are highly encouraged to tighten policies at work as well as the security of information that is physically accessible. Old hard drives, even deleted or cleaned ones should be destroyed at all cost. Leaders should also encourage their employees to report lost or stolen devices to their supervisors.