Research by threat management platform, ObserveIT has revealed that organisations want to trust their employees when it comes to cybersecurity, but to do so, they need to better leverage technology.
The research, which took in the views of 600 IT leaders across various industries, also found that employers should develop clear cybersecurity protocols and invest more in employee training programmes and monitoring tools to verify safe user activity.
Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 per cent, and by 53 per cent for criminal and malicious insiders (Ponemon).
While employees are an organisation’s biggest asset – whether they are full-time, freelancers or contractors – they can also be a prime channel for information loss via negligent or malicious actions.
As such, companies need to prioritise effective training programmes across their employee base, leverage precise monitoring tools to verify safe user activity and ensure that clear protocols are in place for on-boarding and off-boarding employees to prevent data loss.
Technology can enhance trust between employers and employees
According to the survey on average, 46 per cent of respondents agree that their organisation doesn’t have confidence in its workforce when it comes to keeping valuable data and assets safe.
This lack of trust is even higher in the public sector (53 per cent), IT and technology services (52 per cent) and manufacturing (51 per cent). With an evolving risk environment and employee trust being highly important, 92 per cent of respondents agree that investment in new technologies to monitor insider threats and verify user activity will be crucial for keeping information secure over the next 18 months.
Training, policies and technology should be prioritized
Organisations also have an opportunity to build trust via training and policies. The survey found that 43 per cent of organisations don’t have a policy that prohibits staff from taking IP/data with them when leaving the organisation.
Further, 67 per cent of respondents say remote work is allowed in their organisation, and 42 per cent report contractors/freelancers use personal devices for work activity. With an evolving work environment and more devices being used to access company information, organisations need to establish clear protocols for all users handling data and IP regardless of location, device or employment status.
Employers should make employees aware of the ramifications of data leakage
Most employees aren’t aware of the repercussions that follow leaking information either accidentally or maliciously. Almost 60 per cent of organisations don’t explain the contractual penalties for putting their organisations at risk and only 36 per cent of IT leaders feel that cybersecurity is extremely important to their organisations’ general employees. As such, employers need to ensure the consequences of negligent or malicious leakage are well-defined and communicated to employees.
Commenting on the findings, Mike McKee, CEO of ObserveIT said:
“The workforce is changing rapidly as remote work becomes commonplace and more companies rely on freelancers and contractors to support daily activities. Trusting employees to keep valuable information safe should start at the top with effective training, clear guidelines and verification via technology for all users.”