The biggest cybersecurity risk to US businesses is employee negligence, study says

By: Carmen Reinicke

Hackers are no match for human error.

Employee negligence is the main cause of data breaches, according to a state of the industry report by Shred-it, an information security company. The report found that 47 percent of business leaders said human error, such as accidental loss of a device or document by an employee, had caused a data breach at their organization.

Over 1,000 small business owners and C-suite executives in the United States were surveyed online in April for the report.

In 2017, data breaches cost companies an average of $3.6 million globally, according to a separate report from the Ponemon Institute.

For smaller businesses especially, that price tag could wipe out the entire firm. For a company of any size, a data breach can also cheapen the company’s brand and negatively impact its ability to do work, according to Shred-it.

Basic bad habits

Many of the most dangerous offenses by employees are things that they might not even think about as risky behavior. A surprising number of workers surveyed by Shred-it admitted to bad security behavior at work; over 25 percent said that they leave their computer unlocked and unattended.

Even taking notes on paper, or leaving papers out on your desk, can have unintended consequences.

“When you use paper to document notes or meeting minutes it raises the risk of you leaving that information behind,” said Kalsi. A simple mistake can backfire; earlier this year, a Department of Homeland Security employee left sensitive Super Bowl security documents on a plane.

Remote work

Working from Starbucks or even your living room may be nice and convenient, but it could also be opening your company up to a dangerous data breach.

Remote work is increasing. Over half of hiring managers agree that remote work is more common and a third think it is the future of work, according to a report on the future of work from Upwork, a freelancing platform.

Cybersecurity practices have not yet caught up. A majority of executives agree that the risk of a data breach is higher when an employee works remotely, yet few businesses have comprehensive off-site policies in place for those workers. Over half of small business owners said they have no policy for remote workers.

In addition, contractors or external vendors can open companies up to data breaches. The Shred-it survey found that 1 in 4 executives and 1 in 5 small business owners said that an external vendor was the cause of a data breach at their company.

This is because many businesses don’t do a thorough job of managing access when a relationship with an external vendor ends, according to Kalsi.

“There needs to be better governance around these things,” he said.

More: https://www-cnbc-com.cdn.ampproject.org/c/s/www.cnbc.com/amp/2018/06/21/the-biggest-cybersecurity-risk-to-us-businesses-is-employee-negligence-study-says.html