Cybersecurity incidents can cause major harm to an organization’s operations and reputation. An accidental click by an employee can lead to ransomware or a data breach, which costs the company time and money. Today, let’s talk about employee-involved cybersecurity incidents.

Employee-related Incidents

According to this study by Kapersky Lab and B2B International, 52% of 5,000 businesses polled admit their employees are their biggest IT security weakness. They have concerns like inappropriate sharing of data via mobile devices and the loss of mobile devices. In fact, the same study noted that careless or uniformed employees played a role in close to half of serious cybersecurity incidents in 2017.

According to Shred-it’s 2018 State of the Industry report, 25% of workers say they leave their computer unlocked or unattended. The Shred-it study also notes that the majority of companies surveyed believe the risk is higher in a remote work situation – something that is especially relevant in current times. Unfortunately, more than half of companies don’t have a specific policy in place for handling sensitive information in a remote workspace.

Positive Vs. Negative Reinforcement as a Solution

It’s clear that employees do pose a threat to security, even if largely unintentionally. And according to a recent study by CybSafe, more than 40% of companies punish employees for cyber mistakes. Punishments include naming and shaming, restricting privileges or locking accounts until remedial training is complete. Unfortunately, according to a lab-based experiment, these punishments don’t have the intended effect. Instead it leads to high anxiety levels, in the moment and long term, and decreased productivity. Employees will be less likely to report incidents, potentially leading to even more cyber insecurity for the organization.

We believe the best option is positive reinforcement and regular reminders of the importance of good cybersecurity choices. An annual refresher isn’t enough. It’s why we started our Bite-sized Security Awareness and Bite-sized Phish & Learn programs! When we bring cybersecurity to the forefront of our organizations, employees will begin to incorporate good cyber hygiene practices in all they do. They’ll hesitate before clicking a suspicious link or spend that extra second to lock their workstation. When your organization’s help desk plays a role in positively supporting a culture of cyber awareness, employees won’t work around blocked websites or other protections without first seeking advice.

We’re human and mistakes will happen. It’s how we prepare and respond that affects the long-term health of the organization.