The Human Factor in IT Security: How Apathetic Employees Can Leave Your Business Vulnerable

As the fiscal year comes to a close, budget concerns are top of mind for millions of people in the workforce. Across the globe, there’s one area where spending is ballooning out of control: data security. It’s estimated that two years from now, companies will burn a whopping $1 trillion on cybersecurity. And that number isn’t exaggerated either. In 2018 alone, cybercrime caused $1 trillion in damages, and that cost is expected to reach $6 trillion by 2021.

But while companies continue to devote astronomical sums of money to process and technology, there’s a third piece in the cybersecurity puzzle that gets very little investment: people. It surprises many to learn that 90% of cyberattacks and information breaches are caused by human error or behavior, not technology failure. 

Employee engagement is now an IT issue

Some degree of mistakes and human error is inevitable, but increasing employee engagement can successfully address the willful violation of security protocols and prevent security incidents caused by negligence.

Employee apathy is one of the biggest security liabilities of a company. A 2016 study found that 22% of data breaches were caused by malicious employee activity, and 65% were a result of negligence. Disengaged employees are more susceptible to outside manipulation, more likely to leave systems vulnerable due to negligence, and at greater risk for leaking sensitive company information. In fact, employees are five times more likely to take data when disengaged.

3 common reasons employees are apathetic about IT security:

1. Changing attitudes about data ownership and privacy

Millennials have grown up with the internet and are comfortable with it permeating every aspect of their lives. Additionally, the social media boom has created a sharing culture. Without really knowing who’s on the other side of the screen, people share the most personal and private details about their lives at home and at work. 

This has led to low adoption rates for the data security procedures and standards companies have put in place. Millennials reuse passwords more than any other demographic, and 60% of them accept connections with strangers “most of the time.” There also seems to be disagreement about who owns data created at the workplace. 72% of millennials believe they are entitled to the data they help work on, while only 41% of baby boomers feel the same way.

2. It’s a sensitive and complicated topic

Rapid technological advancements are outpacing our ability to adapt. In response, companies have implemented continually evolving security protocols to control access to sensitive data. Two-factor authentication, VPNs, mobile device management, and other technologies and programs can be difficult for the average person to grasp.

The majority of internet users just don’t have a good understanding of the latest security standards and best practices. Additionally, some security programs involve installing apps on or giving access to personal devices. Workers are beginning to feel uneasy with this perceived invasion of privacy.

3. Poor communication and collaboration with IT

Even if IT teams create the best security plans, their efforts are useless if these plans aren’t understood by the rest of the organization. It’s critical for IT teams to build awareness around security issues and get everyone in the organization working together to prevent data loss or breaches. 

Problems arise when these messages aren’t conveyed in a way that nontechnical employees can understand, or when people don’t feel included in discussions. Historically, IT teams aren’t given sufficient training in the “people” part of their roles, as more time is spent focusing on technology and process than communication and collaboration. 

3 ways improving employee engagement prevents data loss or theft

1. It reminds employees to be more vigilant

The truth is that everyone in the organization has a responsibility to help keep data safe from breaches. When employees are engaged and feel a personal obligation to protect the organization and each other, they are more willing to participate in security programs and more careful with the way they treat sensitive information. When everyone in an org, not just the IT team, is focused on keeping things secure, companies can greatly reduce their risks.

2. It helps IT teams better convey information

Ensuring technical systems are functioning properly and safeguards are in place is the bare minimum in today’s world when it comes to cybersecurity. The engaged IT leader takes the time to educate employees and collaborate with departmental leaders to ensure everyone is aware of the dangers and knows how to protect themselves.

Engaged IT teams partner with their colleagues in communications to drive awareness of security initiatives, increasing their adoption. This investment helps orgs to be better prepared to respond to any internal or external threats.

3. It deters data theft

An engaged workforce that cares about protecting the business and each other will be less likely to participate in data theft. Engaged employees are more apt to be familiar with and respect company guidelines on data handling and more aware of the consequences for violating those guidelines. 

How IT leaders can increase employee engagement around security issues

1. Point out the business impact

Nontechnical workers may have a hard time understanding how security breaches occur and the devastation they can cause. IT leaders need to speak these employees’ language and frame threats in terms they can understand and care about.

Highlight the potential business risk and disruptions attacks and theft can cause. Wherever possible, point out the financial impact in concrete numbers to drive the point home. When employees, especially executives, can visualize how breaches will directly impact their work, they are more likely to follow security recommendations and guidelines.

2. Highlight personal risk

While every employee should care how a security threat could impact the company, there will always be those that take a more lackadaisical approach to these issues.

The key here is to draw attention to the personal threat a security breach could pose to each employee. In addition to business data, companies maintain an incredible amount of personal data for each of their employees and their families. Social Security numbers, addresses, phone numbers, family names, and more could all be stored on company networks and are just as vulnerable as company data. Adhering to cybersecurity standards is in everyone’s best interest.

3. Train your IT team to be better communicators and collaborators

In order for security plans and processes to be adopted, they need to be understood and accessible to the entire company. Invest in communication training for your IT teams so they can better collaborate with other departments. Partner with communications personnel to help drive awareness of security initiatives across the company. Use collaborative work management software to align people around security procedures and processes.

Using a tool like Wrike as your single source of truth provides one place for important documentation and can be updated automatically. Additionally, collaborative work management tools enable free-flowing collaboration while also protecting sensitive information.

Engaged employees are your best defense

Cybersecurity requires a three-prong approach involving technology, processes, and people. IT leaders have their work cut out for them. We live in a complex and changing world with new security threats popping up by the day. In addition to keeping companies safe, IT leaders also need to enable innovation and the free flow of data between teams.

When it comes to protecting organizations from internal and external threats, driving adoption of security initiatives, and reducing risks, focusing on increasing employee engagement is one of the best investments an IT leader can make.
