Organizations want to trust their employees when it comes to cybersecurity, but to do so, they need to better leverage technology.
The ObserveIT global survey of 600 IT leaders across various industries found that employers should develop clear cybersecurity protocols and invest more in employee training programs and monitoring tools to verify safe user activity.
Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 percent, and by 53 percent for criminal and malicious insiders (Ponemon).
While employees are an organization’s biggest asset – whether they are full-time, freelancers or contractors – they can also be a prime channel for information loss via negligent or malicious actions. As such, companies need to prioritize effective training programs across their employee base, leverage precise monitoring tools to verify safe user activity and ensure that clear protocols are in place for onboarding and offboarding employees to prevent data loss.
Technology can enhance trust between employers and employees
According to the survey, on average, 46 percent of respondents agree that their organization doesn’t have confidence in its workforce when it comes to keeping valuable data and assets safe. This lack of trust is even higher in the public sector (53 percent), IT and technology services (52 percent) and manufacturing (51 percent).
With an evolving risk environment and employee trust being highly important, 92 percent of respondents agree that investment in new technologies to monitor insider threats and verify user activity will be crucial for keeping information secure over the next 18 months.
Training, policies and technology should be prioritized
Organizations also have an opportunity to build trust via training and policies. The survey found that 43 percent of organizations don’t have a policy that prohibits staff from taking IP/data with them when leaving the organization. Further, 67 percent of respondents say remote work is allowed in their organization, and 42 percent report contractors/freelancers use personal devices for work activity.
With an evolving work environment and more devices being used to access company information, organizations need to establish clear protocols for all users handling data and IP regardless of location, device or employment status.
Employers should make employees aware of the ramifications of data leakage
Most employees aren’t aware of the repercussions that follow leaking information either accidentally or maliciously. Almost 60 percent of organizations don’t explain the contractual penalties for putting their organizations at risk and only 36 percent of IT leaders feel that cybersecurity is extremely important to their organizations’ general employees. As such, employers need to ensure consequences of negligent or malicious leakage are well-defined and communicated to employees.
“The workforce is changing rapidly as remote work becomes commonplace and more companies rely on freelancers and contractors to support daily activities,” said Mike McKee, CEO of ObserveIT.
“Trusting employees to keep valuable information safe should start at the top with effective training, clear guidelines and verification via technology for all users.”