Personal convenience and security don’t always mix: a study carried out on 1,000 employees revealed that 99% of them acknowledged risky behaviour in 2017!*
It’s a worrying picture that raises real questions about compliance with information protection procedures in companies, even more so in a context marked by the upcoming application of the General Data Protection Regulation (GDPR).
Data protection: the stakes are high
There is something paradoxical about the situation. On the one hand, expenditure on securing company information keeps going up: according to Gartner, more than $86bn was spent worldwide in 2017, a 7% increase in just a year. Analysts all agree that spending will continue to rise until at least 2021.
At the same time, cybercrime is predicted to cause even greater damage: Cybersecurity Ventures valued it at $3,000bn in 2015 and forecasts that the figure could double in 2021, reaching $6,000bn.
Without a suitable response, the impact of employee negligence will increase, while cybercriminals continue to develop the increasingly sophisticated tools and techniques needed to benefit from errors caused by the inattention or ignorance of their victims.
Bring about new mindsets
Negligence is rarely deliberate: it most often comes down to habits of convenience that aim to get around a particularly restrictive aspect of security.
Amongst the most frequent cases is password management, with more than 75% of those surveyed admitting to using personal passwords in their work environment. A similar proportion of respondents admitted to opening and storing company files on their personal devices.
Fortunately, the phenomenon can be avoided so long as companies take the necessary action to change mindsets and make employees aware of data protection rules. In 2018, 67% of companies worldwide are planning an employee awareness programme around these security issues.
End user awareness
Technical tools and cutting back on uses akin to Shadow IT allow part of the risk to be mitigated, but this doesn’t mean that companies shouldn’t also adopt an approach based on reflection and education. Making dangers and risky conduct explicit and sharing good practice help to instil a real security culture in companies and to make it understood that data protection is not the responsibility of IT Management alone. By educating employees, we can strengthen what is often the weakest link in the security chain.
One last piece of advice? Repeating, over and over, the importance of a strong password isn’t enough to truly raise awareness. So get off the beaten track and put security into practice so that your employees go down the right path: from simulation to serious games, there’s no shortage of tools at hand.
*Source: Intermedia 2017 Data Vulnerability report