We live in a world in which technology is a critical part of nearly everything we do. The rapid advances in technology are a tremendous boon, but with those advances come risks that can be catastrophic to organizations. Just in the last few months, two major cyberattacks (WannaCry and a variation of the Peyta virus) have spread around the world, costing targeted companies billions of dollars.
In this environment, it is critical for companies to employ stronger cybersecurity measures, but it is also important to look at the primary causes of breaches and develop strong strategies to counter them. Undoubtedly, the most difficult obstacle to adequately and appropriately tackle is internal, human error. Unfortunately, human error is the cause of far more issues than most business leaders realize. This difficulty arises from many factors: loyalty, employees morale, re-hiring and re-training costs, etc.
None of these factors, however, justify ignoring common, easily avoidable and repeated actions that put your company at grave risk. According to the Verizon 2017 Data Breach Investigations Report, four of the major findings focus on the issue of employee accountability. Of the data breaches that were analyzed:
All of these issues can and must be addressed through extensive, detailed, regular training and professional development to make your employees your first line of defense. The difficulty arises when employees have been trained adequately – when there is no reasonable excuse for their risky actions. In those situations, it is important to have specific, clear accountability policies in place, and it is critical that they be followed regardless of who the offender is. From the hourly employee to the CEO, basic security measures must be enforced evenly, particularly since the tendency is to downplay the actions of the highest executives while ignoring the increased threat posed by breaches of the information to which they have access. This is one policy that must be applied and enforced comprehensively across an organization.
When dealing with cybersecurity, there are obvious differences in the severity of human error, as well as the frequency of those mistakes. These differences must be considered when creating a cybersecurity plan that includes progressive consequences of improper actions (including one or more actions that result in immediate termination). The issue of employee cybersecurity accountability cannot be ignored in our modern technological environment, since even one successful breach can cripple many businesses. The potential damages simply are too significant to avoid serious accountability consequences.
At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to their advantage but who are also committed to understanding your business goals and aligning your IT strategy to theirs. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goals, contact thinkCSC for more information.