To cyber-security

Oct 10, 2007 10:03 GMT  ·  By

Like I've always said - enforcing cyber-security is no easy task, and things are way more difficult than they seem. Why? Well, if you work as an IT manager, then you know that no matter how hard you strive to make a network safe, there will still be a bastard out there that will screw things up for you! That employees are sometimes feared more than hacker attacks is something you might have already known. But what you didn't know is that Sophos actually researched this to see which types of employees companies fear most.

"Remote workers and guests can be a real headache for IT administrators trying to safeguard corporate networks, particularly when they're using different devices, different security software and different operating systems or system patches," said Graham Cluley, senior technology consultant at Sophos. "These users don't have malicious intentions, but if they're allowed to logon, they can inadvertently expose the network to a myriad of security threats. Without a solution for standardising who and what is allowed network access, these companies are greatly increasing the risk of leaving avenues open for cybercriminals to exploit."

"It's concerning how many companies are unaware of non-compliant machines being used on their network, even though they may be permanently connected," continued Cluley. "However, irrespective of where the problem lies, the answer is the same. Smart network access control solutions can now help organizations comprehensively enforce their security policies, ensuring that any non-compliant device, whoever it may belong to, is locked down and unable to jeopardize the network."

Sophos found that companies mostly fear standard employees - considered the greatest threat by 44% of the companies they surveyed. In second place came remote and mobile employees (31%), while contractors/outsourced labor and guests came in third and fourth. These facts are a bit alarming and show that more needs to be done in order to better enforce cyber-security, but then again - no matter how skilled an IT manager is, a company will never have good cyber-defenses if the employees are not educated about the threats in cyberspace!