Cybersecurity is no longer just the responsibility of technical teams. Experts say that in this era of constant cyber attacks, every employee, from the newest customer support representative to the CEO, has the power to either strengthen or weaken your organization’s defenses. Share with your team these 7 reasons why cybersecurity is truly every employee’s responsibility.
People Are the New Cybersecurity Perimeter
It’s a common misunderstanding in many companies that cybersecurity is the responsibility of the IT department and the technical solutions they implement. But the data tells a different story—demonstrating that employees and simple human errors are the most concerning security vulnerabilities in most organizations.
In fact, experts say that people are the new security perimeter. And HR leaders have a crucial role in developing a “human firewall” to help protect the organization, with the goal of turning the company’s biggest security risk into its best asset.
Technical Teams (May) Even Agree
Without a doubt, technical teams and technical solutions are incredibly important to an organization’s cyber defenses. But even tech teams may agree that their knowledge and solutions aren’t enough to prevent potential cyber attacks.
According to one survey, companies deploy on average 47 different cybersecurity solutions and technologies. Yet fewer than half of IT practitioners surveyed say that they feel confident in preventing a data breach given the current level of investment in technology and staff.
IT practitioners cited challenges ranging from the inability to prevent employees from falling for a phishing scam to lack of control over access privileges to threats that have already penetrated the company’s systems.
7 Reasons Why Cybersecurity Is Everyone’s Job
The National Institute of Standards and Technology (NIST) says that no matter how advanced an organization’s cybersecurity technologies and policies are, it cannot be secure without each employee doing his or her part. Here are 7 compelling reasons why cybersecurity is every employee’s job. Share them with your team to help jumpstart your cross-departmental cybersecurity plans.
1. An estimated 24% of data breaches are the result of human error.
According to one report, human error is the third-most-common root cause for data breaches after malicious attacks (51 percent) and system glitches (25 percent).
2. Breaches caused by insiders are often due to very simple mistakes.
One report found that 43 percent of breaches caused by employees were due to incorrect disclosure. Another 20 percent were caused by posting or faxing data to the wrong recipient, 18 percent by failing to use the Bcc function or emailing data to the wrong recipient, and 5 percent by providing information to hackers during a phishing attack.
3. Malicious insiders are a massive problem for organizations.
Most employees want to do the right thing, but experts say that malicious insiders are a massive threat to company security. One report found that the top motivations of malicious insiders were financial gain, fun, and espionage.
4. 60% of employees don’t believe the organization has exclusive ownership of its data.
Employees often don’t understand the risks inherent in oversharing company data. Sixty percent of surveyed employees said that they don’t believe the organization has exclusive ownership of its data. Thirty-two percent said they would consider taking company information with them to a new job.
5. In a digital economy, old-school security perimeters no longer apply.
As the workforce has become more remote and more reliant on digital communication, it is increasingly difficult to protect company data using traditional network perimeter security technologies.
6. Email is the leading application for accidental data leaks.
One report found that both corporate and personal email are the leading applications for accidental data leaks, followed by file sharing services (39 percent), collaboration tools (34 percent), and SMS instant messaging (33 percent).
7. An organization’s employees are its largest attack surface.
The largest attack surface of most organizations is the employees who perform everyday functions, including sales and marketing, finance and administration, legal and compliance, operations, and leadership.
HR Is Crucial to Building a Cybersecure Culture
Whether it’s a small startup or a global corporation, company leaders must start looking beyond technical teams and systems for cybersecurity. Experts recommend working across functions and geographies to identify key risks, imagine potential threats, and develop a plan for combating them.
There is solid evidence that it will be worth the effort. In one study, companies that had formed a response team reduced the average total cost of a data breach by $360,000. Companies that tested an incident response plan reduced the average total cost of a breach by $320,000.
With its eye on the people side of business, HR is a crucial link to bringing together departmental leaders to evaluate cybersecurity risks, training employees on what is expected of them, and ultimately driving a more cybersecure company culture.
Additional Resources
- The National Institute of Standards and Technology (NIST) provides a guidebook, Cybersecurity Is Everyone’s Job.
- StaySafeOnline by NIST provides a web page, Cybersecurity at Work Is Everyone’s Business, which links to various resources.
- The National Cybersecurity Alliance offers a guide on Small Business Cybersecurity “Quick Wins”.