GET A DEMO
People

Five Ways Your Staff Impacts Data Breach Prevention

All the tools in the world won't help you if your staff aren't up to speed when it comes to data breach prevention Here are five things to look out for.

David Gruberger | October 28, 2021

As organizations continue to increase their reliance on software to drive operations, more and more people are at risk of experiencing cyber security threats. And it’s up to you to understand and fix these issues. Read on to learn five common roadblocks of effective data breach prevention, and the best practices to remedy them.

  1. Confusing compliance with cybersecurity:
  • Enterprise risk management requires that every manager in the company has access to the parts of the security system that are relevant to them.
  • Security is a company-wide responsibility. As a result, managers, and everyone else, should oversee how data flows through the system and know how to protect confidential information from leaking.
  • Most companies are still not adequately prepared for – or even understand – the risks faced, much less take care of vulnerabilities that may lead to breaches. 
  1. Threats in the Bring Your Own Device policy (BYOD), Work From Home trend (WFH), and the cloud:
  • The “Bring Your Own Device” policy and Work From Home trend can bring on many new cybersecurity risks. 
  • Key metrics: 
    • The main barriers to BYOD adoption are concerns about information security (30%), and employee privacy concerns (15%).
    • When the COVID-19 pandemic hit, cloud-based attacks spiked 630% in the first four months of WFH. 
    • 22% of organizations confirmed that unmanaged devices containing corporate resources downloaded malware in the last 12 months, 49% were unsure or unable to state whether the same could be said of them.
  • The bright side is that awareness on the matter of BYOD policies is increasing. When it comes to mobile devices, password protection is still the go-to solution. Overall, things seem to be going in the right direction with BYOD security.
  1. No information security training:
  • Employee training and awareness are critical to your company’s safety. In fact, 50% of companies believe security training for both new and current employees is a priority, according to Dell’s study “Protecting the Organization Against the Unknown – A New Generation of Threats”. 
  • Take a quick look at the most common file types that cyber attackers use to penetrate your system. This will tell you what types of actionable advice you could include in your employees’ training on cybersecurity. The human filter can be a strength as well as a serious weakness. Educate your employees, and they might thank you for it. This training can be valuable for their private lives as well.
  1. Lack of collaboration between security and IT:
  • Staff that are not collaborating,  are not remediating. This is due to many reasons… 
    • The degree of staff collaboration directly impacts the speed of remediation. Vulnerability remediation is aimed at resolving weaknesses before they are uncovered and exploited by attackers. So, it is crucial that this happens as quickly as possible to minimize breaches.
    • The person who uncovers a problem is not usually the one that fixes it. Therefore it is important to have constant communication between teams, so that when a vulnerability is uncovered, the person that can fix it is made aware—fast. 
  1. Developers building homegrown software can easily push code that isn’t secure:
  • Building your own software applications can put you and your users at risk. A fully-aligned vulnerability remediation process is necessary to eliminate these security weaknesses. 
  • Read more in our application security blog post about application security best practices.
  • Developers’ success is measured by how efficiently and effectively they produce software. This prioritization of output can often result in conflict when it becomes necessary to slow down in order to address security issues. Having a good prioritization of workflow means lightening the load on developers by only calling attention to a network’s worst vulnerabilities.

If you want to be confident in your team’s risk remediation capabilities be vigilant and start addressing open vulnerabilities with Vulcan. Get fix done and  prevent data breaches before they occur.

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy

strip-img-2.png