Combating Morale Hazard Part 2: Empowering Employees
In a previous article, we explored the concept of morale hazard as it relates to organizations and the potential cybersecurity risks that can arise when organizations solely rely on their insurance to protect themselves from a cyber incident. This article takes a closer look at morale hazards at the employee level and offers tips for employees to take ownership of their cybersecurity and protect both themselves and the organizations they work for.
One of the biggest challenges in addressing morale hazards is making employees care about or pay attention to cybersecurity. After all, many people view cyber security as someone else's problem or something that only affects big companies. However, the truth is that every employee has a role to play in keeping their organization secure, and a cyber incident can have serious consequences for both individuals and companies. According to a report conducted by the World Economic Forum, 95% of cyber-attacks on organizations are caused by human error.
However, it’s the small cuts that go unnoticed that cause the deepest wounds.
One of the reasons why people don't take cybersecurity as seriously as they should is that cyber threats don't trigger the same emotional response as physical threats. For example, if someone's car is stolen, they will likely feel a sense of outrage and take steps to protect themselves in the future. In contrast, when a person's data is compromised, the consequences may not be immediately apparent and the emotional response may not be as strong. However, it’s the small cuts that go unnoticed that cause the deepest wounds.
The absence of an emotional response to cyber threats can lead to a false sense of security and weaken people's vigilance, making these dangers even more insidious and potentially disastrous. Underestimating cyber threats due to their lack of immediate emotional impact is a dangerous mindset. To stress the gravity of the issue, the World Economic Forum has alerted of a potential global catastrophic cyber event, like a worldwide attack on critical infrastructure, in the next two years. Such an event could lead to widespread disruptions of essential services, panic, chaos, power outages, food and water shortages, and hindered emergency response, with billions in damages, lost productivity, and lives lost.
The absence of an emotional response to cyber threats can lead to a false sense of security and weaken people's vigilance, making these dangers even more insidious and potentially disastrous.
While the idea of a global catastrophic cyber event may seem overwhelming and one individual may not be able to prevent it entirely, every individual has the power to prevent a cyber attack on their organization. By educating employees about the potential consequences of cyber attacks and providing real-life examples, such as phishing scams, individuals can take steps to protect themselves and their organizations from these threats. Additionally, organizations can mitigate the risks of human error by implementing security protocols, regularly conducting security training and awareness programs, providing access to security software and resources, and giving clear guidelines for detecting and reporting suspicious activity. It's important to remember that it's not just large, newsworthy attacks that can cause damage, but also small, seemingly insignificant ones triggered by the human condition. Ultimately, whether it’s preventing a global catastrophic cyber event or a business email compromise, it is the collective responsibility that requires the concerted efforts of individuals and organizations alike.
Steps to Empower Employees
While it is a shared responsibility to combat cyber threats, individual actions can also make a significant impact. Here are some practical steps that employees can take to strengthen their own cybersecurity.
- Keeping your computer and mobile devices updated with the latest security patches.
- Using strong and unique passwords, and enabling two-factor authentication wherever possible.
- Being cautious when opening emails or clicking on links from unknown sources, especially if they ask for personal information.
- Reporting suspicious activity
- Backing up important data regularly.
- Being mindful of the personal information shared online and on social media.
- Having readily accessible cybersecurity reference guides on hand when facing a security issue.
- Verifying and ensuring the proper setup of network security configurations on a regular basis
By taking these steps and building good habits, employees can help mitigate the risks associated with morale hazard and ensure they are doing their part to keep their organization secure.
Are you craving more insights on cyber insurance, cyber risk, and cybersecurity technology? You'll want to follow the Elpha Secure blog for fresh perspectives and detailed content created with help from our very own industry experts.