One of the Top Cybersecurity Risks in Your Business Is Employee Apathy

Employee apathy may not be the first thing people consider while discussing cybersecurity risks, but disengagement could quickly lead to human error. Corporations face heightened vulnerabilities against hackers as is, with billions of dollars lost annually to digital scams.

Organizations that want to address these concerns must understand why their employees are apathetic to cybersecurity measures and how to rectify the situation. Here’s how companies can address employee apathy to prevent data breaches and other serious threats.

Why Are Employees Apathetic Toward Cybersecurity?

According to a recent FBI report, cybercrime victim complaints amounted to over $26 billion in losses from 2013 to 2019. Often, scammers deceive and manipulate employees to share personal data — including logins and passwords — and transfer unauthorized funds.

Cybercriminals prey on people's trustworthiness. There are several reasons why scammers have such an easy time bypassing employees and penetrating a company's network, including the following:

• Employees require a better understanding and awareness of cybercrime.

• Excessive responsibilities, stress, and disengagement in the workplace lead to mistakes.

• Companies lack stringent remote work cybersecurity measures.

• Employees are afraid to report incidents due to fear of being shamed or penalized.

• Reporting methods are too complicated or time-consuming.

• People feel disassociated from their workplace or disgruntled.

It is not uncommon for employees to fall for phishing scams at work. However, while bosses would like to believe their workers are all simply prone to human error, this is not always the case. An alarming 27% of employees from large corporations would sell their credentials for only $150.

Addressing employee apathy toward cybersecurity is crucial to protect business assets. Those who overlook this essential security threat risk jeopardizing their employees and customers and ruining their reputations.

5 Tips to Overcoming Employee Apathy for Enhanced Cybersecurity

When workers lack motivation or interest in following cybersecurity practices, companies are more prone to ransomware and malware attacks, serious data breaches, and other violations. As such, addressing employee apathy must be a top priority. These five tips can help businesses build a more cyber-secure workplace.

1. Deliver Cybersecurity Training

Security training makes a difference in preventing corporate-targeted hacker attacks. However, many employees are uninterested in educational modules. Employers should issue tailored programs based on each person's position and department to counter this.

For instance, remote workers might require different training than in-person staff, such as modules honing in on vulnerable and unsecured networks. Likewise, the accounting and financial departments may benefit from security education focused on wire transfer fraud.

Training initiatives will teach employees to look for misspelled words and suspicious domains in phishing emails. Grammar mistakes, generic salutations, and a sense of urgency are other indications an email request is not legitimate.

According to the cybersecurity resource platform SANS, people trigger over 80% of cyberattacks by clicking on email scams, using weak or compromised passwords, or mistakenly publicizing sensitive information.

2. Avoid Shaming and Punishing

All cybersecurity threats are serious, but if organizations instill fear of shame and punishment in their employees, people will be less apt to report potential attacks.

Several companies have also issued fake phishing tests to catch employees falling for scams. However, these tactics have done nothing but anger and disengage workers further.

For instance, U.K.-based train operator West Midland Trains sent employees a test phishing email about receiving a bonus for their hard work during the pandemic. However, employees who clicked the link received another message saying they'd fallen for the scam.

Although West Midland Trains is not the first company to do this sort of phishing test, people called its actions a "reprehensible" and "cynical" trick.

Instead, businesses should use positive incentives to build trust and ensure worker collaboration in cybersecurity measures. Offer employees a reward for reporting threats and avoid punishment when something does occur.

3. Create a Simple Reporting Protocol

Another reason for employee apathy regarding cybersecurity risks is an overly complicated reporting protocol. Companies must create a straightforward reporting process for employees to flag threats easily.

Who must they report to? What are the steps for documenting a potential issue? A reporting protocol could entail sending an email or filling out a contact form for the IT department.

Employees might also be given a name and phone number to call when they stumble upon something suspicious.

The best approach to developing a robust reporting protocol is to automate the process wherever possible. Of course, ease of reporting is equally important. Employees want a simple tool to avoid wasting too much time or risk retaliation.

4. Recognize Unhappy Employees

Careless and disengaged employees aren't the only cause of data breaches. Companies must weed out upset workers to prevent them from handing over sensitive data intentionally.

Organizations have the difficult task of navigating a 50% increase in insider threats — accidental and malicious — to prevent cybersecurity damage. Disgruntled employees may seek ways to get back at their employees by behaving criminally.

The real question is whether apathy could result in an angry employee. The workforce has turned volatile and uncertain in the post-pandemic world. With so many changes on the horizon — particularly return-to-office mandates — it is possible for people to feel resentful toward their employers.

5. Seek Employee Feedback

One of the primary causes of workers’ apathy is the belief their employer doesn't care about their opinion. According to research and consulting firm Gartner, 82% of employees want their company to value them and their work. However, only 45% believe their companies do.

Negate employee apathy by engaging them in cybersecurity measures. Seek prompt feedback from workers, including their preferred reporting process and training. This will prove invaluable for companies to address cybersecurity threats as a cohesive team.

If leadership understands where the knowledge gaps are and what it will take to get employees on board, they can tailor their initiatives to meet demands.

Cybersecurity Is a Companywide Effort

Collaboration between leadership and workers is necessary to protect companies against cybercriminals. Hyper-vigilant workers on the lookout for suspicious threats and breaches help companies protect sensitive data and assets from malicious players. Addressing employee apathy is a crucial first step toward achieving a secure digital landscape.