With cyber breaches, we tend to focus on technology; however these events mostly happen because of employee behavior. It could be as simple as a well-meaning employee sending business documents home to work over the weekend, or a weak BYOD policy and a laptop was stolen, or because an email with a malicious code was clicked on, even by a disgruntled employee.
The consequence of employee behavior on security, is a critical issue, and isn’t getting the proper attention as it should.
Although the focus has been on IT and Security departments, Marketing for example can cause all types of privacy issues in their handling of customer data.
One case is a consumer transport company. Its recent privacy issues and negative press were not the result of a hack or a breach, but rather, were caused by the deliberate behavior and actions of employees at the direction the CEO.
The employees used software to predict how many people were having one-night stands.
This is a perfect example of lack of the thought process when it comes to collecting personal data. By not training your employees on the appropriate use of data, your brand can be diminished.
Employee training is the key to mitigating cybersecurity risk at all levels in every part of the organization.