As a security professional, you probably aren’t responsible for hiring and firing the people who do (or don’t) work in your company. However, it’s important to at least understand why employee negligence is such a huge liability when dealing with information security. Here are three reasons why your employees are a security liability:
1. Employees Are Less Likely to Comply With Policy
Your employee population is much less inclined to follow rules than your average citizen. How many times have you been asked for a password by a store employee while shopping? Even if the employee does ask for a password, do you really trust them with it?
Most people treat passwords like they’re supposed to be treated: private! The same goes for hand scanners and ID badges that allow people into different areas of a building. Employees are simply less likely to comply with the rules because their natural reaction is to break them.
2. Employees Are More Likely to Make Mistakes
Everyone makes mistakes; it’s part of being human. However, employee negligence can lead to mistakes that cause serious damage to your company or its customers. For example, you may think it’s a good idea for employees to use personal devices at work, but what happens when they don’t protect those devices with strong passwords and fail to install security updates? It’s not just the employee’s device that may be compromised: everything stored on that device could be compromised as well.
Another common mistake made by employees is opening suspicious emails and attachments without first verifying the sender. When the employee opens this malicious email and executes the attached malware, their computer (and anything else connected to it) is compromised too. The employee doesn’t even have to click on the attachment. Just opening the email is enough to infect their device.
3. Employees Can Be Bribed or Blackmailed
Even if an employee has nothing but good intentions when accessing information assets, they can still be manipulated by someone outside your business network, maybe even without their knowledge. For instance, suppose you contract with a new employee for some expert consulting services down the road (or maybe keep one on retainer).
If they aren’t aware of the fact that they’re liable to be prosecuted for identity theft, then you might end up paying someone who is responsible for stealing employee information. Similarly, an employee may think they’re passing on company secrets only to realize their contact was actually collecting data for an espionage campaign.
The bottom line? Employees are a liability when it comes to protecting information assets, especially if they don’t understand the policies governing how those assets will be protected. This can give malicious third parties more than enough time and access to exploit employee ignorance or carelessness. For more information on employee training to help you navigate these rough waters, contact Single Point Global at 888-653-1438 or visit www.singlepointglobal.com.