According to a new survey, 44 per cent of employees in the industries most targeted with ransomware haven’t gone through employer-arranged cybersecurity training.
Covering employees from IT, finance, healthcare, law and education, the NordLocker survey also found that the majority of these employees (77 per cent) handle confidential data at work, despite receiving no briefing on company cybersecurity.
“The lack of employee cybersecurity training is truly alarming because the human element has been known to be the cause behind an overwhelming majority of cyberattacks,” said Oliver Noble, a cybersecurity expert at NordLocker.
“Companies that do not make their employees aware of the potential risks and tell-tale signs of cybercrime run a big risk that is not worth the consequences.”
One in five employees would blame the company exclusively if a data breach occurred, the figures revealed, even as 12 per cent of respondents don’t use any cybersecurity tools.
Of the cybersecurity tools used on company digital devices, antivirus software continues to be the most popular option, followed by password managers, a VPN, and file encryption tools.
“Without providing cybersecurity tools and enforcing their use, employers not only risk freezing their business to a complete halt but also gamble away potential clients that might become wary of the company due to questionable security and damaged reputation,” Mr Noble added.
What basic cybersecurity practices should businesses implement?
- Encrypt files and other important information to reduce the risk of data leaks
- Adopt zero-trust network access so that employee identities are verified before they access company digital resources
- Enforce data backups and restoration processes at regular intervals
- Train employees to identify signs of phishing, to improve email security
- Implement multi-factor authentication and ensure employees use strong and unique passwords