10 Ways Employees Are Sabotaging Your Cybersecurity Stance

Following are some ways employees can undermine cybersecurity, whether intentionally or not, and some advice on how to handle each scenario.

Lisa Morgan, Freelance Writer

June 20, 2024


The threat landscape is evolving, and attack surfaces are expanding. Still, one of organizations’ weakest links is often well-meaning employees making inadvertent mistakes. 

“Well-intentioned employees continue to use consumer grade software tools to make their work easy and more productive,” says Eric Schmitt, global chief information security officer at Sedgwick, a global claims administrator which offers technology-enabled risk, benefits and integrated business solutions. “These tools include cloud storage services, file-sharing apps, messaging platforms, video conferencing tools and personal devices. While these tools may seem harmless and convenient, they can pose serious risks to your business’ cybersecurity.” 

One notable threat is that consumer-grade products and services weren’t designed for enterprise-grade security and compliance, which can lead to data leakage, unauthorized access and compliance breaches.

“To address this threat, employees need training on IT policies, emphasizing the risks of shadow IT and the importance of consulting IT before adopting new tools. Enterprises can deploy cloud access security brokers (CASBs) to monitor and control unauthorized cloud services, ensuring adherence to security policies,” says Omer Cohen, CISO at customer authentication and identity management platform Descope, in an email interview. “Given the numerous data breaches and compliance violations stemming from shadow IT, this proactive approach is crucial for maintaining cybersecurity.” 

Employees may also be lax about software updates, which can translate to unpatched vulnerabilities. 

“Exposing sensitive information, even if inadvertently, could lead to noncompliance and put the organization at risk of facing corresponding penalties from regulatory bodies. Additionally, threat actors often scan for known vulnerabilities and once identified, can gain access to an employee’s device through this vulnerability, and leverage that access to then gain entry to the organization’s networks and systems,” says Jordan Rae Kelly, a senior managing director and head of cybersecurity for the Americas at business consulting and global advisory firm FTI Consulting, in an email interview. “Even with robust protections in place, a cybersecurity incident can make the organization appear to have a poor cybersecurity program. This harms value to investors and reputation to customers.”

To discover, monitor, and manage shadow IT, Kelly says businesses should: 

  • Conduct audits and surveys of employees' devices and data usage. 

  • Utilize a cloud-hosted endpoint management solution, such as Microsoft Intune, to identify installed software.  

  • Use network monitoring and analytics tools to identify any abnormal or suspicious network activity. 

  • Implement a cloud access security broker solution to manage and secure your cloud environment. Ideally, a single holistic solution should be implemented to provide correlated and collated results and ensure broadest coverage.  

  • Utilize data loss prevention (DLP) tools, which are also instrumental in detecting or preventing sensitive company data from being lost or leaked to unauthorized locations.

Following are some more ways employees undermine cybersecurity and what to do about them. 

About the Author

Lisa Morgan

Freelance Writer

Lisa Morgan is a freelance writer who covers business and IT strategy and emerging technology for InformationWeek. She has contributed articles, reports, and other types of content to many technology, business, and mainstream publications and sites including tech pubs, The Washington Post and The Economist Intelligence Unit. Frequent areas of coverage include AI, analytics, cloud, cybersecurity, mobility, software development, and emerging cultural issues affecting the C-suite.
