Filed Under:Risk Management, Cybersecurity

Employees bypassing cybersecurity precautions put organizations at risk

It's important to know how employees are storing data. (Photo: iStock)
It's important to know how employees are storing data. (Photo: iStock)

Cybersecurity is a crucial part of any business, but new research shows employees are overwhelmingly trying to skirt online precautions to access blocked websites or services.

One report from Dtex Systems says 95 percent of organizations have employees trying to get around security measures in their workplace.

Insider breaches


The report says these employees were using virtual private networks (VPNs), surfing the web anonymously through browsers, and/or using a hacking program like Metasploit, which tests system vulnerabilities. Many employers put these parameters in place for productivity reasons, and this research proves employees are getting smarter about how to bypass these measures.

The Dtex report also finds that security breaches in companies are largely the result of employees, with 60 percent of breaches credited to insiders. Of those insider breachers, 68 percent are due to neglect, 22 percent are malicious attacks and 10 percent are caused by stolen credentials.

One of the alarming insights from these insider breaches has to do with employees storing information on cloud services, an incredibly popular way to saving data these days. Sixty-four percent of companies found corporate information publicly available online, because it was sourced from a cloud service. A large number of employees, 87 percent, are using their personal, web-based email accounts on company computers and devices, which opens up company data to hackers.

Inappropriate internet use


Outside of neglectful online practices, the report also finds inappropriate internet use among employees in the workplace. Almost 60 percent of companies surveyed found employees accessing pornographic material during work hours, and 43 percent partaking in online gambling.

Related: Biggest cybersecurity weakness: stolen logins

Another study from Willis Towers Watson, an advisory company, released a survey with very similar findings. Their study shows two-thirds of a company’s cyberattacks are a result of employee negligence or malicious activity, and only 18 percent of cyberattacks are the result of external breaches.

data security

Hackers can get a whole crop of information if they get access to an entire HR database, making these a very vulnerable place when it comes to company cyber security. (Photo: iStock)

Lucrative black market for HR data


When it comes to protecting company information, it's very important to focus on human resource data and applicant tracking data. This type of information is the focus for many hackers, because selling personal information is lucrative on the black market.

The personal information in HR systems include social security numbers, bank information and other data hackers can sell to steal identities. And hackers can get a whole crop of this information if they get access to an entire HR database, making these a very vulnerable place when it comes to company cyber security.

Kimberley Smathers, the director of information security and compliance at Jobvite, lays out a few ways to ensure HR data is safe. One thing to ask hosting services in charge of HR data is where they host their data. If it’s in the cloud, an increasingly popular choice, make sure they take other precautions to protect this data.

To ensure these precautions will happen, she suggests asking if the hosting service has any certifications. If the provider has a certification, this means an independent auditor verified them as credible, and that’s something a company wants when it comes to ensuring security.

Human negligence


These tips are for protecting against larger threats, but as these various reports show, most security issues come from human negligence.

HR Dive looked into ways companies can encourage better security habits among its employees to avoid phishing and spoofing attacks.

One of the suggestions from cybersecurity expert Michael Overly, partner at Foley & Lardner, is to know how your employees are storing data. How are people storing, working on and deleting data? Once this is established, IT experts can put in place the correct encryption and security options in place.

Overly also suggests monitoring activity, and noticing if employees are logging on at strange times or for prolonged periods, and checking to see what they are working on. Monitoring social media use and software downloads also helps protect company data from outside hackers.

Related: Cyber-breach communications plans: What insurance professionals (and clients) need to know

Claire McInerny is a writer and radio producer based in Indiana. She's a fan of great film, poignant words and Bruce Springsteen.​ Send Claire an email at cmcinerny74@gmail.com.

Originally published on BenefitsPro. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Related

Cybersecurity for small businesses: Using a VPN to protect your data

Small businesses are vulnerable to data breaches and hackers. Here are 5 inexpensive VPNs you can use to protect client...

Featured Video

Most Recent Videos

Video Library ››

Top Story

What if Hurricane Andrew happened today?

A new report from Swiss Re postulates what the insured losses would be if a storm like 1992’s Hurricane Andrew were to barrel through South Florida in 2017.

Top Story

9 solar eclipse safety tips & risk concerns you need to know for Aug. 21

An estimated 500 million people across North America will be impacted as the moon passes between the sun and Earth in the 70-mile wide path of the total eclipse on Aug. 21, 2017.

More Resources

Comments

eNewsletter Sign Up

PropertyCasualty360 Daily eNews

Get P&C insurance news to stay ahead of the competition in one concise format - FREE. Sign Up Now!

Mobile Phone

Advertisement. Closing in 15 seconds.