From Weak Link to Impenetrable Shield: Empowering Employees to Reduce Cyber Risk
Written by Anurag Lal, President and CEO of NetSfere
A major risk exposure for enterprises today is cyber risk, with 84% of organisations experiencing one or more breaches in 2022. Enterprises are working daily to combat cyber threats, which are growing in frequency and sophistication. When successful, these threats have costly reputational, legal, and financial repercussions. IBM’s most recent Cost of a Data Breach report revealed that in 2023 the global average cost of a data breach reached $4.45 million, which is a 15% increase over the last 3 years.
A majority of data breaches – 74% – involved the human element. Humans make mistakes.
Cybercriminals are very aware of this and work overtime to exploit that fallibility, attacking people more often than technology to gain access to networks and systems. Research from cybersecurity company Fortinet found that 81% of organisations faced malware, phishing, and password attacks last year which were mainly targeted at users. Fortinet noted that this data “underscores that employees can be an organisation’s weakest point or one of its most powerful defences”.
As the risk of cyber threats continues to increase, enterprises can significantly reduce that risk by empowering employees to become an impenetrable shield against cyberattacks, proactively stopping these attacks before they start.
To help employees become powerful security assets, organisations should take the following proactive steps:
Establish a strong security culture
Establishing a strong security culture is critical for mitigating cyber risk and reducing the potential of costly data breaches. An enterprise-wide commitment to cybersecurity makes for a shared responsibility across the organisation, creating an environment where everyone understands their role in reducing cyber risk.
Making employees partners in advancing a security-conscious culture encourages cyber-secure behaviours and attitudes and helps minimise risky behaviours such as using unauthorised apps, accessing malicious websites, and clicking on suspicious links in e-mails.
Provide secure collaboration tools
When employees are provided with secure collaboration platforms, they will not turn to unsecure messaging and collaboration tools that expand the cyberattack surface in organisations.
Many consumer-grade messaging apps and unsecure collaboration tools do not have the enterprise-grade security, compliance and governance features needed to keep organisations secure. Bad actors are well aware of the vulnerabilities in these less-than-secure tools, tailoring their attack mechanisms to these channels. Research shows that cyberattack numbers increased 38% in 2022 compared to 2021, driven up “by smaller, more agile hacker and ransomware gangs who widened their aim to target business collaboration tools”.
Using a secure, user-friendly all-in-one platform which is designed for the enterprise with end-to-end encryption (E2EE) reduces the attack surface and keeps organisations secure. E2EE locks down sensitive data in transit and at rest, ensuring that only the sender and receiver can read messages. Secure-by-design collaboration technology like this provides employees with a convenient and frictionless way to share ideas, files, and data without compromising the security of networks and systems.
Set and enforce clear policies
Employees can become one of the most effective security controls in an organisation when clear cybersecurity policies are established, communicated, and enforced. Policies prohibiting the use of shadow IT (the use of unsanctioned applications that are not monitored and managed by the enterprise IT department) are particularly important for employees to be aware of and understand.
The danger of employee use of shadow IT lies in the lack of IT control. IT teams can’t control what they don’t know about, which can lead to unauthorised access to an organisation’s IT infrastructure, according to Randori’s State of Attack Surface Management 2022 report.
Policies prohibiting the use of shadow IT mean employees will avoid using apps and tools that can increase enterprise risk exposure to data breaches and compliance violations.
Provide training
When employees are trained to recognise cyber threats, they are better equipped to identify, report, and prevent cyberattacks.
Providing regular cybersecurity training that educates employees on common threats such as phishing, malware and social engineering, and teaches them best practices for password management, secure remote working and data handling, reduces the risk of human error, helping employees take proactive steps to protect sensitive company data and information.
Cybersecurity tools alone are not enough
Tools such as firewalls, intrusion detection systems and VPNs help defend against potential cyber threats, but they are not enough to fend off cybercriminals. Effectively combatting cyber threats and reducing cyber risks today requires organisations to empower employees to become an impenetrable shield in cyber securing the enterprise. A strong security culture, secure collaboration platforms, clear policies, and cybersecurity training are the way forward to achieving that.