One report from Dtex Systems says 95 percent of organizations have employees trying to get around security measures in their workplace.
The report says these employees were using virtual private networks (VPNs), surfing the web anonymously through browsers, and/or using a hacking program like Metasploit, which tests systems for vulnerabilities. Many employers put these measures in place for productivity reasons, and this research proves employees are getting smarter about how to bypass them.
The Dtex report also finds that security breaches in companies are largely the result of employees, with 60 percent of breaches attributed to insiders. Of those insider breaches, 68 percent are due to neglect, 22 percent are malicious attacks and 10 percent are caused by stolen credentials.
One of the alarming insights from these insider breaches has to do with employees storing information on cloud services, an incredibly popular way to save data these days. Sixty-four percent of companies found corporate information publicly available online, because it was sourced from a cloud service. A large number of employees, 87 percent, are using their personal, web-based email accounts on company computers and devices, which opens up company data to hackers.
Outside of neglectful online practices, the report also finds inappropriate internet use among employees in the workplace. Almost 60 percent of companies surveyed found employees accessing pornographic material during work hours, and 43 percent partaking in online gambling.
Willis Towers Watson, an advisory company, released a survey with very similar findings. Its study shows two-thirds of a company’s cyberattacks are a result of employee negligence or malicious activity, and only 18 percent of cyberattacks are the result of external breaches.
When it comes to protecting company information, it is very important to focus on human resource data and applicant tracking data. This type of information is the focus for many hackers, because selling personal information is lucrative on the black market.
The personal information in HR systems includes Social Security numbers, bank information and other data hackers can sell to steal identities. And hackers can get a whole crop of this information if they get access to an entire HR database, making these systems a very vulnerable place when it comes to company cybersecurity.
Kimberley Smathers, the director of information security and compliance at Jobvite, lays out a few ways to ensure HR data is safe. One thing to ask hosting services in charge of HR data is where they host their data. If it’s in the cloud, an increasingly popular choice, make sure they take other precautions to protect this data.
To ensure these precautions will happen, she suggests asking if the hosting service has any certifications. If the provider has a certification, this means an independent auditor verified them as credible, and that’s something a company wants when it comes to ensuring security.
These tips are for protecting against larger threats, but as these various reports show, most security issues come from human negligence.
HR Dive looked into ways companies can encourage better security habits among their employees to avoid phishing and spoofing attacks.
One of the suggestions from cybersecurity expert Michael Overly, partner at Foley & Lardner, is to know how your employees are storing data. How are people storing, working on and deleting data? Once this is established, IT experts can put the correct encryption and security options in place.
Overly also suggests monitoring activity, and noticing if employees are logging on at strange times or for prolonged periods, and checking to see what they are working on. Monitoring social media use and software downloads also helps protect company data from outside hackers.