Losing data strikes more fear in businesses than getting hacked.
A survey released today by San Francisco, Calif.-based Wells Fargo Insurance shows 47 percent of mid-sized companies were concerned with losing private data compared with 26 percent worrying about hackers disrupting their systems.
The survey highlights the top network security and data privacy concerns among companies with $100 million or more in annual revenue. It was constructed by talking to 100 decision makers empowered to make insurance purchases about network security and data privacy issues.
While losing data topped the list, followed by concerns over hacking, it appears few companies are worried about their employees misusing technology. Seven percent of those polled cited that as a concern.
That didn’t surprise Dena Cusick, national practice leader with Wells Fargo Insurance’s technology, privacy and network risk national practice.
“I honestly think that people don’t realize how many mistakes people make throughout the day,” Cusick said.
A study commissioned by Verizon last year shows 10.6 percent of cyber issues were a result of insider misuse, and a NetDillegence study showed carriers reported 11 percent cyber claims resulted from staff mistakes.
“Human error is a huge factor,” she said. “And that is what gets people every time.”
While many companies have yet to wake up to potential problems caused by employee misuse, Cusick believes a few businesses are beginning to recognize it as emerging problem.
No respondents in the 2015 Wells Fargo Insurance survey named employee misuse as a concern.
Cusick reasoned this slight uptick may come from more companies possessing the tools to figure out where breaches are occurring.
“I think people are able to engage better forensics,” she said, adding that a number of companies have developed the ability to drill down and discover the point of entry in attacks and breaches.
Following is the top eight network security and data privacy concerns with last year’s ranking in parentheses:
- Loss of data – 47 percent (45 percent)
- Hackers – 26 percent (25 percent)
- Security breaches – 26 percent (20 percent)
- Maintaining reputation – 9 percent (4 percent)
- Viruses – 7 percent (10 percent)
- Software vulnerabilities – 7 percent (7 percent)
- Employee misuse of technology – 7 percent (0 percent)
- Other – 7 percent (13 percent)
Spear phishing from foreign hackers targeting employees is one trend Cusick is seeing is more of.
“They’re falling for spear phishing attacks and downloading these viruses into the system,” Cusick said.
One of her clients became the victim of a spear phishing attack when an employee clicked on an email that prompted the recipient to “Click here to find out how much vacation time you have.”
The email looked like it was from human resources, but when the web browser opened it was a different link, Cusick said.
Another type of scam that seems to be popular lately is fake photocopier repair personnel coming to offices and telling a receptionist they are taking the office’s copier in for repair.
Most modern photocopiers have large capacity hard drives embedded in them, Cusick said, adding, “There could be 100,000 documents in there.”
These are among the reasons why Cusick and others in the industry are encouraging clients to beef up employee awareness training, such as teaching employees to check with the office manager before letting office equipment out the door, and that emailed requests to log onto a third-party portal should raise a red flag, as should emails with a strange font, or a fuzzy company logo that may have been copied and pasted into an email.
Was this article valuable?
Here are more articles you may enjoy.