Companies tend to think of enterprise security issues, like data leaks, as caused by malicious activities outside the organization. But according to The Ponemon Institute, a full 25% of data breaches come from within the organization, through employee errors.
Despite all of the security threats that companies have to deal with these days, there's still one threat that poses a huge risk to enterprise security: your employees. According to the 2016 Data Breach study by the Ponemon Institute, a full 25% of all data breaches were due to human error caused by employees and contractors. That's a hard pill to swallow when a quarter of data breaches are caused by issues that are within the control of enterprise organizations.
Armed with that information, the obvious question is "how exactly are employees contributing to data loss and putting enterprise security at risk?“. There are many ways that employee error is creating vulnerabilities in enterprise security infrastructure, but these three scenarios are the most likely culprits in most enterprise organizations.
Remote Working Setups
With an estimated 37% of U.S. workers telecommuting at least part-time during the week, more employees than ever are accessing company data on public networks that may or may not be secure. Take, for example, a sales manager who logs into the company network to get work done using airport wifi while waiting for a flight. Accessing company programs on unsecured network connections is a huge risk for enterprises, but employees are going to continue to find the most efficient way to get their work done, so it's crucial that the IT department figure out how best to keep their company devices and access to company data as secure as possible when employees are working out of the office.
Inappropriate Company Device Usage
A 2015 study from CompTIA that looked at cybersecurity habits in the workplace found that 63% of employees polled used their company mobile devices (laptops and cell phones) for personal activities that included online shopping, personal banking, and posting to social media. Add to that fact that the Ponemon Institute found that around 3% of employee mobile devices were infected with malware, and it's obvious how big of a security threat comes just from employees not using their company devices solely for company business. And just in case you were wondering, the Ponemon Institute quantified that economic risk at $26.4 million.
Poor Password Policies
Despite the awareness and education around the importance of secure passwords, there's still a major gap in between company password policies and what passwords are being used by employees. In fact, a 2015 study from Ping Identity found that 50% of enterprise employees admitted to be likely to reuse personal passwords for company use and two-thirds of respondents reused work passwords for personal accounts. This is one of the most pressing security issues facing enterprise organizations, and it's also one of the easiest to fix. Password management services can all but alleviate poor employee passwords by creating and encrypting multiple passwords for multiple sites and software applications. And by automatically storing and filling in passwords for employee use, it's more likely to be widely adopted across the organization.