A new report by Kaspersky Lab and B2B International, in which they looked at the “Human Factor in IT Security”, has found that employees could be making businesses vulnerable, simply because of a risk of embarrassment or punishment for reporting a problem.
The findings have shown that careless or uninformed employees are most likely to cause a cyber security incident. Cyber-criminals will use these employees as an entry point to get inside the corporate infrastructure through phishing emails, weak passwords or fake calls from tech support, and it is a person's lack of care or knowledge about security that could compromise the entire network.
The problem is that employees are choosing to hide any incidents that may occur instead of communicating them to colleagues, top management and HR departments. The reason for this is that in some cases companies introduce strict but unclear policies and put too much pressure on staff, warning them that if something were to go wrong then they would be held responsible. Policies like this do nothing except create fear among employees, leaving them with no other choice but to avoid punishment at all costs and so keep quiet about errors.
There is a clear need for educating staff in order to make them more aware of the impact of their actions and to stress the importance of working safely. It is this alone that can help reduce the risk of these types of attacks and protect what is most important to the company: the data.