Prime Factors Blog

The Human Element of Effective Cybersecurity

Posted by Pete Flagella on Nov 2, 2017 12:27:53 PM


With 90% of employees violating data breach prevention policies, how do you get the attention of your employees to avoid the same mistakes?  

The biggest threat to your firm’s data security might not be hackers in Russia or China; it could be much closer than you think.  It could be your own employees. Your employees are the ones who constantly use, work with, transfer, and create sensitive organizational data on a daily basis, so it makes sense that they’re the ones who are most likely to accidentally (or intentionally) expose important information.

Despite the fact that many companies are trying to reduce breaches and increase security by developing stricter corporate data policies, it seems that some employees just aren’t getting it. It doesn’t matter if you have the most effective policies in the world – if no one is following them, they will not work. With an estimated 9 out of 10 employees violating data security policies on a regular basis, many companies are struggling to find a way to improve the human element of their cybersecurity strategy.

Experts say employees pose a bigger threat than hackers, and device security is one of the reasons why.

Many cybersecurity issues can be linked to employees using their personal devices for work. Two-thirds of employees say they use personal technology such as laptops, smartphones, smartwatches, and tablets for work purposes. To exacerbate things further, there is an increase in the number of employees who work remotely. Employees who travel are also vulnerable. Employees must be aware of the potential threats they face when using personal or work technology across unsecured networks. 

It is easy to understand why employees prefer their personal devices. Using a personal device allows customization and ease of use. IT departments and purchasing managers are able to cut down costs and complaints when employees use their own devices. Organizations may think they are saving when they prioritize cost, convenience, and productivity over security. However, they are more sensitive to cybersecurity threats, and when a breach does occur, the financial pains will outweigh the gains. Whether your organization chooses MFA (Multi-Factor Authentication) or IAM (Identity Access Management), for example, for a Bring Your Own Device (BYOD) policy, employees must understand the policies and procedures in place to mitigate threats, especially when working with sensitive data.

In some instances, firms may want to consider either providing their own technology on a temporary basis or only giving company technology to the employees who tend to work with the most sensitive data. This can increase costs and mitigate risk exposure while maintaining a balance between the needs of the employee and the cybersecurity needs of the company.

Organizations need to make sure that security solutions work with, not against, employee productivity.

Overall, it’s important that cybersecurity procedures align with, and don’t get in the way of, employee productivity. Highly skilled employees can be incredibly creative, and if they feel that a certain policy or procedure is really hindering their efficiency, they’ll often find a way to work around it, frequently at the expense of your business’s security.

A routine example is a company that has a policy requiring employees to use extremely complex passwords and change them often. The employee might simply attach a sticky note with their password to their computer monitor for efficiency. This extremely insecure workaround leaves the password open to all passersby, including vendors, other employees, and even criminals who might break into an office to steal confidential data. If the crafters of the password policy in the example had worked with employees and experts to create a better solution – one that used encryption or key chain password access for important accounts – they would have been able to improve the organization’s security stance without hindering productivity.

Implementing an effective encryption strategy can mitigate user and device breaches.

In addition to smart data security policies and procedures, an effective encryption strategy can minimize breach exposure for applications and data, which are the main target of cyberattacks. By ‘locking down’ the applications and data with encryption, key management, and tokenization, you can protect your most important company data and information even when user and device breaches occur. Prime Factors delivers an integrated, platform-independent solution called EncryptRIGHT that can protect mission-critical data at the application and data level, the ‘last line of defense’.

To learn more about how EncryptRIGHT can secure your business from a variety of digital threats, contact Prime Factors at 888-963-6358 or through our contact form for a free consultation. With our 30-day free trial, you’ll find peace of mind in securing your most important business data and information. At Prime Factors, we believe data security is a “prime factor” of business continuity.



To learn how encryption can lower the cost of regulatory compliance while enhancing security, download our white paper Reducing the Cost of Regulatory Compliance with Encryption.  



Topics: encryption, PCI Data Encryption, PCI Data Security Standards