Why employees aren’t the weakest links in IT security
It seems there is a modern perception across many industries that employees are the weakest links in IT security. And, Technology news website ‘The Next Web’ writes that “given the ever-increasing frequency of data breaches – with human error often being a cause or catalyst – you’d be forgiven for thinking that employees are naturally at fault.”
With the current coronavirus crisis forcing able businesses to work remotely, and the media reporting increased cybercrime in light of the pandemic, it’s vital that organisations brush up on security and fix any chinks in their security chain.
First though, they must first identify what the real weaknesses are.
Blaming employees for breaches in security is easier than blaming technology. Human error is normally down to the actions of a single person, whereas software failure is more complicated to explain; is it the fault of the software creators, the department managing it or the boardroom members who agreed to implement it?
More often than not, the real culprits of security breaches are neither employees nor technology alone; but rather an inefficient security strategy and an unfocused company culture.
If organisations want their employees to take cyber security seriously, they must invest both time and money in building a security strategy and implementing appropriate software. A well-built security strategy will consider and take input from all aspects of the business. Chris Pogue, IT Pro Portal, explains that “a security programme cannot be successful without the commitment, support, evangelisation, and participating of everyone within your organisation”.
Once the strategy development is underway, the next – and most important – step is to adapt the company culture to centre around that strategy.
By rooting the security programme into the company culture, employees will begin to adopt the learnings and processes into their daily working routines and have much more respect for business security. And, SC magazine advises that “leaders need to do themselves what they tell their employees to do, even if it’s inconvenient”. If managers preach the importance of security measures and then cut corners themselves, employees may exercise defiance and ignore protocols.
The lesson here? A complete security strategy that is rooted within the company culture could enable employees to become powerful assets to business security, instead of perceived weak links
