Increasingly, to gain competitive advantage, employers are trusting employees to choose and use the most appropriate technology and work style to increase productivity. The result is a workforce with increasing numbers of remote and contract workers. This reality means that IT and cybersecurity teams can no longer rely on closed, locked-down environments as their primary method of risk mitigation. Like it or not, they must grant open access to data and systems so that users are effective in their jobs. They must also trust that users will handle the access with care.
A new global survey of 600 IT leaders across various industries, looking into the role of workplace trust and cybersecurity, revealed that organizations want to trust their employees when it comes to cybersecurity, but to do so, they need to master the fundamentals. Data from the survey also reveals that some organizations have a way to go to improve their approach to managing the insider threat. In fact, they have to go back to basics.
For one, the survey found that 43% of organizations don’t have a policy that prohibits staff from taking IP/data with them when they leave employment, while almost 60% of IT leaders don’t explain the repercussions of a data breach – whether accidental or malicious – to their employees. In the UK, only 46.5% say that revoking building access credentials is part of the off-boarding process, and only 62% take back physical work devices.
Against this backdrop, it’s probably unsurprising to learn that only 36% of IT leaders feel that cybersecurity is extremely important to their organization’s general employees. I would argue that, in today’s complex operating environment where nation-state and sophisticated hacks are on the rise, those responsible for IT and data security need to lead from the front and set about building trust in their employees. They have a clear opportunity to do so.
Data leaks, misuse and breaches continue to wreak havoc for both companies and the customers that they serve, and it can feel necessary to take a draconian approach to cybersecurity. However, it doesn’t have to be like this. Companies that prioritize effective training programs across their employee base and leverage precise monitoring technology can verify safe user activity – no matter where the insider is. While user privacy is an important concern, it doesn’t have to sit second in priority to an organization’s overall cybersecurity program. The right tools and measures can deliver full visibility into user and data activity, and detect violations of protocol, without compromising privacy.
Ultimately, while employees are the backbone of every organization – whether they are full-time, freelancers or contractors – they can also be a prime channel for information loss via negligent or malicious actions. It’s time to master the basics and ensure everyone – from employees to contractors – has access to the knowledge and tools they need to play their part in keeping the business safe, while also helping to fight the good fight against cybercrime.