The Human Factor in IT Security: How Apathetic Employees Can Leave Your Business Vulnerable

As the fiscal year comes to a close, budget concerns are top of mind for millions of people in the workforce. Across the globe, there’s one area where spending is ballooning out of control: data security. It’s estimated that two years from now, companies will burn a whopping $1 trillion on cybersecurity. And that number isn’t exaggerated either. In 2018 alone, cybercrime caused $1 trillion in damages, and that cost is expected to reach $6 trillion by 2021. 

But while companies continue to devote astronomical sums of money to process and technology, there’s a third piece in the cybersecurity puzzle that gets very little investment: people. It surprises many to learn that 90% of cyberattacks and information breaches are caused by human error or behavior, not technology failure. 

Employee engagement is now an IT issue

Some degree of mistakes and human error are inevitable, but increasing employee engagement can successfully address the willful violation of security protocols and prevent security incidents caused by negligence. 

Employee apathy is one of the biggest security liabilities of a company. A 2016 study found that 22% of data breaches were caused by malicious employee activity, and 65% were a result of negligence. Disengaged employees are more susceptible to outside manipulation, more likely to leave systems vulnerable due to negligence, and at greater risk for leaking sensitive company information. In fact, employees are five times more likely to take data when disengaged. 

3 common reasons employees are apathetic about IT security:

1. Changing attitudes about data ownership and privacy

Millennials have grown up with the internet and are comfortable with it permeating every aspect of their lives. Additionally, the social media boom has created a sharing culture. Without really knowing who’s on the other side of the screen, people share the most personal and private details about their lives at home and at work. 

Get things done faster with Wrike!

Wrike is a highly flexible collaboration and project management solution for teams of all sizes.

Your business email Please enter your email Please enter the valid email

Get started for free Server error. We're really sorry. Wait a few minutes and try again.

This has led to low adoption rates for the data security procedures standards companies have put in place. Millennials reuse passwords more than any other demographic, and 60% of them accept connections with strangers “most of the time.” There also seems to be disagreement about who owns data created at the workplace. 72% of millennials believe they are entitled to the data they help work on while only 41% of baby boomers feel the same way. 

2. It’s a sensitive and complicated topic

Rapid technological advancements are outpacing our ability to adapt. In response, companies have implemented continually evolving security protocols to control access to sensitive data. Two-factor authentication, VPNs, mobile device management, and other technologies and programs can be difficult for the average person to grasp.

The majority of internet users just don’t have a good understanding of the latest security standards and best practices. Additionally, some security programs involve installing apps on or giving access to personal devices. Workers are beginning to feel uneasy with this perceived invasion of privacy.

3. Poor communication and collaboration with IT

Even if IT teams create the best security plans, their efforts are useless if these plans aren’t understood by the rest of the organization. It’s critical for IT teams to build awareness around security issues and get everyone in the organization working together to prevent data loss or breaches. 

Problems arise when these messages aren’t conveyed in a way that nontechnical employees can understand, or when people don’t feel included in discussions. Historically, IT teams aren’t given sufficient training in the “people” part of their roles, as more time is spent focusing on technology and process than communication and collaboration. 

3 ways improving employee engagement prevents data loss or theft

1. It reminds employees to be more vigilant

The truth is that everyone in the organization has a responsibility to help keep data safe from breaches. When employees are engaged and feel a personal obligation to protect the organization and each other, they are more willing to participate in security programs and more careful with the way they treat sensitive information. When everyone in an org, not just the IT team, is focused on keeping things secure, companies can greatly reduce their risks.

2. It helps IT teams better convey information

Ensuring technical systems are functioning properly and safeguards are in place is the bare minimum in today’s world when it comes to cybersecurity. The engaged IT leader takes the time to educate employees and collaborate with departmental leaders to ensure everyone is aware of the dangers and knows how to protect themselves.
Engaged IT teams partner with their colleagues in communications to drive awareness of security initiatives, increasing their adoption. This investment helps orgs to be better prepared to respond to any internal or external threats.

3. It deters data theft

An engaged workforce that cares about protecting the business and each other will be less likely to participate in data theft. Engaged employees are more apt to be familiar with and respect company guidelines on data handling and more aware of the consequences for violating those guidelines. 

How IT leaders can increase employee engagement around security issues

1. Point out the business impact

Nontechnical workers may have a hard time understanding how security breaches occur and the devastation they can cause. IT leaders need to speak these employees’ language and frame threats in terms they can understand and care about.

Highlight the potential business risk and disruptions attacks and theft can cause. Wherever possible, point out the financial impact in concrete numbers to drive the point home. When employees, especially executives, can visualize how breaches will directly impact their work, they are more likely to follow security recommendations and guidelines.

2. Highlight personal risk

While every employee should care how a security threat could impact the company, there will always be those that take a more lackadaisical approach to these issues.

The key here is to draw attention to the personal threat a security breach could pose to each employee. In addition to business data, companies maintain an incredible amount of personal data for each of their employees and their families. Social Security numbers, addresses, phone numbers, family names, and more could all be stored on company networks and are just as vulnerable as company data. Adhering to cybersecurity standards is in everyone’s best interest.

3. Train your IT team to be better communicators and collaborators

In order for security plans and processes to be adopted, they need to be understood and accessible to the entire company. Invest in communication training for your IT teams so they can better collaborate with other departments. Partner with communications personnel to help drive awareness of security initiatives across the company. Use collaborate work management software to align people around security procedures and processes.

Using a tool like Wrike as your single source of truth provides one place for important documentation and can be updated automatically. Additionally, collaborative work management tools enable free-flowing collaboration while also protecting sensitive information. 

Engaged employees are your best defense

Cybersecurity requires a three-prong approach involving technology, processes, and people. IT leaders have their work cut out for them. We live in a complex and changing world with new security threats popping up by the day. In addition to keeping companies safe, IT leaders also need to enable innovation and the free flow of data between teams.

When it comes to protecting organizations from internal and external threats, driving adoption of security initiatives, and reducing risks, focusing on increasing employee engagement is one of the best investments an IT leader can make.

Exposing the Truth Behind Workplace Happiness

Think office ping pong, free snacks, and an open-floor plan is leading to better productivity? Think again.

First Name Please enter a value Please enter the valid email

Last Name Please enter a value Please enter the valid email

Enter your business email Please enter your email Please enter the valid email

Phone Number Please enter your phone number Please enter the valid email

Afghanistan Albania Algeria American Samoa Andorra Angola Anguilla Antarctica Antigua & Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia Caribbean Netherlands Bosnia & Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory Brunei Bulgaria Burkina Faso Burundi Cambodia Cameroon Canada Cape Verde Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo - Brazzaville Congo - Kinshasa Cook Islands Costa Rica Côte d’Ivoire Croatia Cuba Curaçao Cyprus Czechia Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern Territories Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard & McDonald Islands Vatican City Honduras Hong Kong SAR China Hungary Iceland India Indonesia Iran Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati North Korea South Korea Kuwait Kyrgyzstan Laos Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macau SAR China Macedonia Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia Moldova Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar (Burma) Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Mariana Islands Norway Oman Pakistan Palau Palestinian Territories Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Islands Poland Portugal Puerto Rico Qatar Réunion Romania Russia Rwanda St. Barthélemy St. Helena St. Kitts & Nevis St. Lucia St. Martin St. Pierre & Miquelon St. Vincent & Grenadines Samoa San Marino São Tomé & Príncipe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten Slovakia Slovenia Solomon Islands Somalia South Africa South Georgia & South Sandwich Islands South Sudan Spain Sri Lanka Sudan Suriname Svalbard & Jan Mayen Swaziland Sweden Switzerland Syria Taiwan Tajikistan Tanzania Thailand Timor-Leste Togo Tokelau Tonga Trinidad & Tobago Tunisia Turkey Turkmenistan Turks & Caicos Islands Tuvalu Uganda Ukraine United Arab Emirates United Kingdom United States U.S. Outlying Islands Uruguay Uzbekistan Vanuatu Venezuela Vietnam British Virgin Islands U.S. Virgin Islands Wallis & Futuna Western Sahara Yemen Zambia Zimbabwe Please select an option

1-49 50-99 100-249 250-499 500-999 1,000-1,999 2,000-4,999 5,000-9,999 10,000+ Please select an option

Marketing Project/Program management Professional Services Engineering & IT Other Please select an option

Project Management Portfolio/Program Management Product Management Marketing Project/Program Management Consulting & Professional Services Accounting, Finance & Audit Customer Services/Customer Support IT Operations Software/Website Development Analytics, Research & Data Science Creative Corporate Marketing & PR Leadership Digital Marketing Content Field/ABM Product Marketing Sales & Account Management HR Administrative Education Other Please select an option

C-Level & Partner VP/Head of Director, Sr. Director, Associate Director Group Manager, Lead, Coordinator Manager, Sr. Manager, Supervisor, Strategist Other Please select an option

By completing and submitting the form, I acknowledge Wrike's Privacy Policy.

Yes, I want to receive communications from Wrike related to news, offers, and promotions Please accept policy to proceed

I would like to hear about Wrike promotions by phone. Please accept policy to proceed

Get the report Server error. We're really sorry. Wait a few minutes and try again.

Thanks for your interest in our eBook!

Download it now

We have also sent the eBook link to your email for your convenience.