Why employees aren’t the weakest links in IT security
IT The modern perception across many industries is that employees are the weakest links in IT security. Technology news website ‘The Next Web’ writes that “given the ever-increasing frequency of data breaches – with human error often being a cause or catalyst – you’d be forgiven for thinking that employees are naturally at fault.”
The current coronavirus crisis is forcing able businesses to work remotely. With the media reporting increased cybercrime, it’s vital that organisations brush up on security, fixing any chinks in their securitychain.
It is easier to blame staff than to blame the technology itself. Human error is normally down to the actions of a single person, whereas software failure is more complicated to explain. Is it the fault of the software creators? The department managing it? Or is it the fault of the boardroom members who agreed to implement it?
Often, the real culprits of security breaches are neither employees nor technology alone. It is actually an inefficient security strategy and unfocused company culture.
Organisations need their employees to take cyber security seriously. They must therefore invest both time and money in building a security strategy and implementing software. A well-built security strategy will consider and take input from all aspects of the business. Chris Pogue, IT Pro Portal, explains that “a security programme cannot be successful without the commitment, support, evangelisation, and participating of everyone within your organisation”.
Once the strategy development is underway, the next – and most important – step is to adapt the company culture to centre on that strategy.
By rooting the security programme into the company culture, employees will begin to adopt the learnings and processes into their daily working routines and have much more respect for business security. SC magazine advises that “leaders need to do themselves what they tell their employees to do, even if it’s inconvenient”. If managers preach the importance of security measures and then cut corners themselves, employees may exercise defiance and ignore protocols.
A complete security strategy, rooted within the company culture, could enable employees to become powerful assets to business security, instead of perceived weak links!