Data breaches in India increased: how to talk to employees to avoid them

According to a new study, 66% of businesses in India have had at least one data breach since shifting to a remote working model. Employees and contractors are the number one cause of data breaches, especially when working from home.

“There are three main reasons why cybercriminals are successful: using personal devices for work-related tasks, not using cybersecurity tools, and falling for social engineering,” says Daniel Markuson, digital privacy expert at NordVPN.

NordVPN’s survey showed that, while working from home, 62% of employees were switching between work and personal devices to perform work-related tasks or engage in personal affairs. When trying to fishnet a personal account, hackers managed to get hold of a corporate one too. Webroot’s report found that personal devices are about twice as likely to become infected as business devices.

Another important thing is that people are not using cybersecurity tools, like a VPN or firewall, and are late to install updates with critical fixes of system vulnerabilities. The third reason is falling for social engineering: when employees  are located at a distance, it’s easier to take advantage of them by pretending to be someone from the company.

As corporations preparing for the second wave of work from home, managers are expected to raise cybersecurity awareness among employees.  Digital privacy experts strongly believe that, rather than just asking to be cautious, bringing up cybersecurity issues as part of delivering feedback to an employee will make organizations less vulnerable.

“The problem with IT infrastructure is that employees treat it instrumentally. If the tools and systems perform as expected, employees do not take additional action to improve their routines by using additional security tools or installing updates.  Cybersecurity habits should be considered just as important as the habit of generating performance reports. Regular feedback on digital hygiene is the best way to approach the issue,” says Daniel Markuson.

Turning cybersecurity training into feedback session

There are multiple techniques of delivering feedback. The most popular is the so-called sandwich technique, where a person is given a positive message at the beginning, constructive criticism and correctional advice in the middle, and another positive message at the end. The manager is expected to highlight if the employee was among the first to install updates or not to perform work-related tasks on personal devices, and to be constructive on the weak spots.

Another approach to feedback delivery is the “feed forward” approach, which focuses on positive suggestions for the future. The manager starts the conversation with the area that needs improvement and gives two positive suggestions for the future to improve that area.

3+1 topics managers should focus on during their feedback sessions

To help managers prepare for a conversation with employees, here’s a list of 3+1  topics to add to the conversation:

  1. Instant updates. The gap between the time when updates are offered to users and the moment they install them is an opportunity for hackers. Update releases show hackers existing vulnerabilities, and if employees are late to install the fixes, hackers take advantage of it.
  2. Unique passwords. Employees tend to use the same passwords to log in to their personal and business accounts. Hacking one account gives access to the overall subsystem of corporate platforms.
  3. Advice on having two separate VPNs. VPN provided by employers protects the organization from outside threats and makes online presence invisible to hackers. Contrary to personal VPN solutions, corporate VPNs  might be logging online activity. Employees should be aware of it in order to keep their lives private.

+1. Always think twice before sharing information with other employees. Twitter was hacked using social engineering. Hackers often pretend to be co-workers or partners to obtain information or push ransomware through. They might also create email addresses similar to the corporate ones, like: name@organisation.com. Employees should always double-check twice.

Regardless of which feedback technique the manager will apply, the most important thing in feedback delivery is for it to be timely and regular. The more frequently the topic is discussed, the more likely it is to become a part of organizational culture.

SHARE
Previous articleSingle Axis MEMS Capacitive Accelerometers in Eight Standard Ranges
Next articleAnritsu supports 5G-device EPS Fallback tests
Electronics Media is an Indian electronics and tech journalism platform dedicated for international electronics and tech industry. EM covers news from semiconductor, aerospace, defense-e, IOT, design, tech startup, emerging technology, innovation and business trends worldwide. Follow us on twitter for latest update in industry.