In 2011, the US Department of Homeland Security conducted an experiment to evaluate employees’ cybersecurity awareness. USB sticks and CD-ROMs were scattered across a series of parking lots located next to government buildings and government-affiliated contractors’ buildings.
As employees exited or entered their cars, many, trying to do their level best to be of assistance, picked up the devices. What if one of the organization’s top brass had dropped the device, and it contained irreplaceable files?
Of the individuals who picked up the devices, Bloomberg reported that 60% brought the devices into their offices and plugged them into office-owned computers. CD-ROMs emblazoned with official logos were inserted into drives 90% of the time.
Unfortunately, in the years since this experiment, organizations have continued to struggle with employees’ cybersecurity awareness. Measures that your organization can take to instill awareness:
- Run frequent training seminars that explain the myriad of tricks that hackers use to try to break into an organization or a network.
- Communicate the potential impact of a data breach. Employees may be shocked to learn about average remediation costs of a cyber attack.
- Explain the problem with non-compliance. The price of indifference may have legal, financial, and reputational consequences for employees and/or the organization.
- Offer a procedure for turning in ‘lost’ devices, whether USBs, CD-ROMs or other types of hardware.
Yes, employees are still a weak link, but with the right training, they could become a strong line of defense. For more on this story, visit Bloomberg.