We’ve long said that people are the weakest link when it comes to cyber security. Every day, employees face issues that threaten the security of their organisation – whether it’s suspicious emails, poor password practices or mislaid information.
This concern emerged in a study by HANDD Business Solutions released in June. Of the 300 UK-based IT professionals surveyed, 21% said their employees’ behaviour and their reactions to social engineering attacks pose a big challenge to data security.
“Employees are probably your biggest asset, yet they are also your weakest link,” said HANDD’s chief technical officer, Danny Maher, speaking to Infosecurity Magazine. “Raising user awareness and improving security consciousness are hugely important for companies that want to drive a culture of security throughout their organisation.”
The weakest link
No matter how many security products or policies an organisation implements, it will still be vulnerable if its employees aren’t provided with staff awareness training or given security guidelines to follow. It only takes one careless employee to cause a data breach or violate the requirements of security legislation. Organisations should be particularly concerned by this, given that the EU General Data Protection Regulation (GDPR) takes effect from 25 May 2018. Any organisation that fails to comply with the GDPR could face fines of up to €20 million (about £17.8 million) or 4% of its annual global turnover – whichever is greater.
According to HANDD’s study, many organisations are indeed concerned. More than a third of respondents (35%) said that making sure data is stored securely is their biggest challenge, and 21% said the same about achieving or maintaining compliance with security regulations and legislation.
Mark Taylor, managing consultant at NTT Security, said: “A key benefit of the coverage of subjects such as GDPR is that it will improve knowledge of information security and whilst businesses continue to support improvements in awareness they still need to focus on the fact that people are often a weaker link when it comes to clicking on phishing emails, opening attachments or simply considering the structure of their passwords/phrases.
“Businesses also need to adapt the way they communicate to reflect this challenge and support the training they provide staff.”
Enrol your staff on a training programme
Given these dangers, you should consider registering for a staff training programme. With our Information Security Staff Awareness E-Learning Course, your employees can learn about the most important elements of information security, including phishing, creating backups, portable media devices and business continuity.
The course also gives staff advice on how to avoid becoming a security liability, introducing them to your policies on incident reporting and responses.