Study: biggest risk to cyber security companies is the negligence of the staff

Source: gate Arab news technical

دراسة: أكبر خطر على الأمن الإلكتروني بالشركات هو إهمال الموظفين

A report issued by the company Shred-it is one of the companies specialized in information security from the greatest threat to the security of electronic networks and institutions is the neglect of personnel, where the report found that 47 % of business leaders said that human error such as accidental loss of device or prepared by employee was the reason for the penetration data of their organization.

Were surveyed more than 1000 small business owners and executives in the United States via the internet in the month of April to get the report.

In the year 2017 cost operations to penetrate the corporate data, an average of 3.6 million worldwide, according to a separate report issued by the Institute of the Bonn lawyers specialized in conducting research on privacy, data protection and information security.

For small businesses in particular, this figure could to wipe out the entire company and cause its bankruptcy. For the purchase of any size of the CAN to penetrate the data also reduces the value of the company’s brand and adversely affects their ability to work, according to Shred-it.

Said mono calcium Vice President of the company Shred-it: “the survey results show clearly that the habits of the young staff apparently can pose a significant security risk for companies”.

The report revealed the company Shred-it from the public by staff and potentially cause risk to cyber-security companies which are represented in the following:

The basic bad for employees :

Many of the most serious crimes committed by staff are things you may not think it’s risky behavior, where more than 25% of employees surveyed by Shred-It they left their computer unlocked and without control.

Even take notes on paper, or leave the papers on your desk, you might be unintended consequences, where said calcium “when used paper to document notes or minutes of the meeting they plan to leave this information in an accessible place, whose fault is simple and can backfire, earlier this year left the employees in the Ministry of national security documents of the security account on a plane”.

Remote work:

The increase in communication and technology mean that employees can work from almost anywhere – you may be working from Starbucks or even from your living room nice and cozy, but it may also lead to the exposure of your company to penetrate the data serious.

Staff work remotely is increasing dramatically. Where more than half of hiring managers agree that remote work and believe that the future of work, according to a report on the future work of the platform or Upwork for free.

Agreed most executives to the risk of breakthrough data will be higher when the employee works remotely, but few companies have comprehensive policies off-site available to these employees. While he said more than half of small business owners they do not have a policy for remote workers.

In addition, the contractors or external suppliers unlocks are also free for breaches of the data in the companies they deal with. Where the poll found Shred-it that 1 out of every 4 executives on all 5 of the small business owners they said that the seller’s outside was the reason for the data breach at their company.

Due to the fact that many companies do not review the powers of access to data when ending their relationship with an outside company, so there must be a better control and management of the right to these things.. according to calcium.

Bridging the gap training:

Have many companies have training and policies to protect data from penetration and education of its employees and the practices of cyber security good. But these efforts may not be as frequent or structured enough to protect the company.

For its part, said in Kielce “the general assumption that a lot of companies think that if she trained staff once a year will retain this information, this assumption is wrong, because you should be training and awareness is usually a dynamic and continuous process to enhance the culture of the company practices good security”.

In addition, it should extend cyber security beyond the work of the office and into the home, especially if the company has remote employees or uses external vendors to do business.

What companies could do:

It may take transform the practice of cyber-security in the company months or years, so here are some actions that can be done in the course.

  1. Policy Update workplace… the report proposes the imposition of a policy a clean desk is the CDP which is a common document outlining how employees must leave the area of their work when you leave the Office -most require CDPs from staff to remove all the existing papers in their offices at the end of the day – in addition to having separated from the context of the company’s dedicated employees who work remotely and vendors of external.
  2. Securing physical access to information… must be kept sensitive information in the drawers of a desk locked or in cabinets, and share documents when necessary, and take notes on a computer or tablet.
  3. Get rid of old hard drives properly… a lot of companies or employees assume that information can be deleted or get rid of them once you delete them from the hard drive, but this is not true so you should destroy the hard drive completely.

E-security companies have considered the joint responsibility of all its members, and must adhere to the policies set by the departments of Information Technology, ignoring this policy, the security might make the companies suffer heavy casualties due to a breach or leak valuable information.

Link to the project source: study: biggest risk to cyber security companies is the neglect of the staff

Leave a Reply

Your email address will not be published. Required fields are marked *