Lack of Awareness, Poor Security Practices Pose Cyber Risks

By Kathy Gurchiek, July 16, 2019

Are your employees savvy enough about potential cybersecurity risks to use the Internet safely? Can they identify phishing threats and protect data?

Those are among the cybersecurity topics that employees from a variety of industries often answered incorrectly, according to an audit from cyber tech provider Proofpoint. Employees who had undergone security training were asked questions on 14 cybersecurity topics, including their understanding of unintentional and malicious insider threats.

Cybersecurity training must cover these topics regularly if employers hope to change workers' behavior, Proofpoint said in its fifth annual State of the Phish 2019 report.

SHRM Online collected the following articles from its archives and other trusted news outlets on this topic.  

Employees Flub on 1 in 5 Cyber Training Questions 

A recent security awareness audit concluded that workers who take security training choose the right answers to cybersecurity questions only 78 percent of the time. The findings are based on an analysis of questions Proofpoint asked its customers across a variety of industries.

That's not good enough. Organizations need to educate their workers to bolster their understanding of cybersecurity risks and issues, according to Proofpoint.

As cyber attackers increasingly focus their attention on people, not technical defenses, organizations should take a people-centric approach to cybersecurity, the company says in its State of the Phish report.


5 Top Cybersecurity Concerns for HR in 2019 

Security experts say there are a number of data security issues that human resource information technology leaders should pay close attention to this year. Here are their tips for minimizing risk.
(SHRM Online)  

The Growth of Ransomware Extortion Demands

Ransomware is becoming an increasingly common cause of cyber loss for businesses, according to the NAS Insurance 2019 Cyber Claims Digest. Findings are based on an analysis of 2018 claims data.

And costs go much further than just the ransom payment. Technical and legal expenses associated with negotiating and paying the ransom can triple or quadruple the cost of resolving the issue. It's not uncommon for expenses to go beyond $70,000.
(Insurance Business Magazine)  

Viewpoint: Are Your Employees Really Engaging with Security Awareness Training? 

Does your organization have a formal security awareness and training program? I'm constantly surprised at how often the answer is an awkward and uncomfortable "no." Implicit in the awkwardness is the recognition that such a program is a critical piece of a strong security strategy. Without awareness and training, it's likely that security will not be front of mind for your end users—but that doesn't mean that organizations with formal programs are effectively engaging their employees.
(Security Training)    

Five Strategies to Get Employee Buy-In For Security Awareness Training 

Last year, the FBI reported that a staggering $12.5 billion has been lost due to e-mail fraud, underscoring the critical risk that exists each time employees open their inboxes. A single weaponized e-mail could lead to a substantial data breach or financial loss.

But how can HR teams secure employee buy-in for cybersecurity best practices, while avoiding training burnout? The answer is empowerment.


