
Stop punishing employees and take responsibility for your own passwords, says MyCena

March 2022 by MyCena Security Solutions

Proofpoint’s annual report on phishing revealed that the UK is by far the worst culprit for disciplining employees that fail cybersecurity tests

Business leaders need to stop blaming their employees for their own cybersecurity failures and take control of the digital keys to their business. This is according to MyCena, the market leader in segmented access management and encrypted password distribution.

In recent years, companies have increasingly put pressure on their employees to maintain strong password hygiene, using strong unique passwords for every account and not falling victim to phishing attacks. By placing the onus on employees, organisations are setting themselves up for failure.

Proofpoint’s 2022 State of the Phish report revealed that in the UK, 42% of employers inflict monetary penalties on staff that engage with real or simulated phishing attacks and 29% even lay off staff. These figures are both far higher than the global averages at just 26% and 18%.

Unsurprisingly, the report also highlighted an increase in the number of attacks year on year. In the UK, 91% of respondents revealed that they had faced phishing attacks and 84% reported seeing at least one email-based ransomware attack.

Julia O’Toole, MyCena founder and CEO said:

“The data from this year’s report reflects a misunderstanding on the part of organisational leaders. It is easy to blame other people, but it is the C-suite members who need to realise the risk they take when they relinquish the company’s command and control to their employees.

“The thinking around passwords needs a complete overhaul. Imagine an employer allowing each employee to create their own personal keys to access company buildings, elevators, floors, doors and data rooms. That’s exactly what’s happening when an employee uses their personal password to access your network and the critical parts of your business that cybercriminals are targeting.

“In the physical world, when an employee starts a new job, the company hands him or her the keys, fobs and cards required to access the different parts of the building. When the employee leaves, the company takes back the keys, fobs and cards, ensuring the employee no longer has access to the company assets. Throughout their time working for the company, management has full responsibility and control of who can access what.

“By asking employees to create their own digital keys to enter the different parts of their digital network, companies set themselves up to lose control of their digital infrastructure, from the moment their employees were handed the responsibility of their access keys.

“Phishing attacks are getting more sophisticated and harder to spot than ever before. Being able to perceive cyber threats is a challenge for even the most experienced and cyber-aware users. Your employees won’t all become cybersecurity experts, nor should they be expected to be. The current situation has put untenable pressure and stress on the employees for no good reason.

“We know that over 80% of data breaches start with a legitimate password. Placing the onus on the employee rather than the organisation is counterproductive, and financial punishments won’t ensure that it doesn’t happen again.

“Instead of forcing employees to remember dozens of complex passwords for various access points, adapt your technology to support employees in only using strong unique and encrypted passwords that can’t be phished. Not only do you take back the control of your own access points and cybersecurity, but you also relieve your employees from immense mental pressure. Information like passwords doesn’t need to be kept in people’s heads.

“Strong unique encrypted passwords can be controlled by the company and used by employees without them ever having to think of them, type them in or remember them. Make your digital access security reflect your physical access security,” O’Toole concluded.

