Employee Negligence Remains a Critical Threat to Customers’ Security
This is Part 1 of a 3-part series examining the biggest threats to endpoint security today, all of which can be conversations to have with your customers.
Hackers have long struck fear into the hearts and minds of businesses and consumers everywhere. For good reason. They can do a lot of damage to enterprises. But ask a CSO about what his or her biggest security challenge is and it’s doubtful their first answer will be hackers. More likely, they’ll say it’s their employees.
It’s not that CSOs think everyone is purposely trying to wreak havoc within their organization. Instead, their fears arise from employees unwittingly or carelessly ignoring corporate security policy and putting sensitive data, including intellectual property and customer information, at risk.
In fact, 81% of U.S. IT and IT security practitioners said the biggest security challenge is minimizing the threat of negligent or careless employees who don’t follow security policies, according to the Ponemon Institute’s 2016 State of the Endpoint report. That’s an increase from 78% last year, and it’s the second consecutive year that employee negligence was selected as the biggest worry.
Frankly, IT and security leaders are right to be concerned. The report also notes that insecure mobile devices in the workplace have increased from 33% to 50% since 2013. Mobile devices, including laptops, tablets and smartphones, have become a primary target for malware creators. While businesses go to great length to implement complex and expensive firewalls, bad guys still get in through the front door because more employees use their own insecure devices for work.
So what’s a solution provider to do? For one, start the conversation. Ask your customers about their security protocols. Do they allow employee-owned devices on the network? Do they have any measures to ensure security? How well do employees know the company’s security policy? Do they even have a security policy?
One problem, another study found, is that too often companies haven’t provided adequate security training to employees. The good news is that’s changing. The Enterprise Management Associates report reveals that 59% of workers have received some security training, up from 44% the year before. Workers are also getting more education: 23% received five or more hours of security-related training in 2015, up from 15% who received that amount the prior year.
As a strategic technology and business advisor, don’t be afraid to ask customers the tough questions about security, then help them develop stronger procedures complemented with state-of-the-art security solutions to alleviate some of those fears.
Even if you don’t have the security expertise to lead the way, Global Convergence can help. Leverage our world-class services resources and talk to us about our leading-edge, disruptive security technology partners. We can help you develop and implement a comprehensive security strategy for your customers—complete with training to minimize risk caused by employee negligence. After all, the worst thing you want to see is your customer’s name in a hacker headline.