It seems there is a modern perception across many industries that employees are the weakest links in IT security. Also, during the pandemic when a lot of employees worked remotely, increased media reporting about growing cybercrime incidents exacerbated that slant.
It is vital that organisations brush up on security and fix any chinks in their security chain. First though, they must identify what the real weaknesses are.
Blaming employees for breaches in security is easier than blaming technology. Human error is normally down to the actions of a single person, whereas software failure is more complicated to explain; is it the fault of the software creators, the department managing it or the boardroom members who agreed to implement it?
More often than not, the real culprits of security breaches are neither employees nor technology alone but rather an inefficient security strategy and an unfocused company culture.
If organisations want their employees to take cyber security seriously, they must invest both time and resources in building a security strategy and implementing appropriate software. A well-built security strategy will consider and take input from all aspects of the business.
Once the strategy development is underway, the next – and most important – step is to adapt the company culture to centre around that strategy.
By rooting the security programme into the company culture, employees will begin to adopt the learnings and processes into their daily working routines and have much more respect for business security. Additionally, if managers preach the importance of security measures and then cut corners themselves, employees may exercise defiance and ignore protocols.
Essentially, a complete security strategy that is rooted within the company culture could enable employees to become powerful assets to business security, instead of perceived weak links! Read more about our backup and DR offering here.
Photo by Jonny Gios
