It does not matter what your view on modern technologies in business is; if you are a business owner or in a management position of some kind, you will come into contact with the online world and your company will have at least some sort of web presence, perhaps only to the extent of storing data and sharing documents online. Still, this automatically makes your company vulnerable to attacks from outside and various cyber-security breaches.
When we talk about root causes of cyber-security breaches, it may come as a surprise how large a percentage of them is due to human error. The latest study by the Ponemon Institute has shown that almost a third of all malicious attacks are enabled by human error. In a company, this means that one or more of the employees will be the reason why the attack was successful; not willingly, but they will still be responsible.
There are a number of underlying (and not so underlying) reasons why human error happens so frequently. One of the main reasons is the lack of awareness and understanding of all of the implications of security compromises (such as sharing passwords, leaving them around, not logging out for convenience). Another reason can be a culture in the workplace where the security of the system is not taken as seriously as it could be.
However, it needs to be said that it is not only the responsibility of the employees to be careful and to worry about cyber-security. Many errors and breaches occur because the management is not made fully aware of the dangers and the potential results of cyber breaches. Admin staff are also often undertrained and oblivious to the dangers of these cyber breaches.
In essence, it often comes down to people not being aware that they are also responsible for the security of their company in cyber space.
Who the threats are
Hackers are the most famous and unfortunately the most common threat to commercial users, either doing harm for financial reasons or to sabotage certain companies. It needs to be pointed out that not all hackers carry out their attacks to do harm, but still, they are by far the most serious threat to the cyber-security of your company.
Hacktivists are a relatively new subdivision of hackers and in 2013, they were responsible for almost half of cyber-attacks. The good news is that they are usually not interested in financial data and that they are mostly involved in “political” cyber activities which should not worry most companies. Still, there is a need to keep them in mind as well.
Finally, there are the social engineers, which is pretty much just a fancy word for cyber cons who, in most cases, build entire relationships with an employee in a certain company in order to get sensitive data and access to parts of the company that should stay out of their reach. They usually attack small and mid-sized businesses and it is essential that they do not get access to your company.
In cases of more elaborate cyber-attacks, there is very little that a manager or a business owner can do except to employ the latest in security measures and hope for the best. However, in many other cases, there is quite a lot that can be done, for instance:
Educating employees in their role in cyber security
Educating management in their responsibilities
Tightening the security culture in the company
Employing skilled and trained technical staff for security needs
Using software solutions that are as secure as possible
The most interesting thing about cyber-security in the workplace is that, in a very large number of cases, it once again comes down to the people who work there and who can very easily become unwilling participants in various breaches.
On the other hand, with proper training and education, just like with traditional security and safety, your employees can become an asset and not a liability.