Securing the Human – Exploring Current Security Awareness among Employees and Finding Ways to Improve it in the Organizational Setting
MetadataShow full item record
As organizational security breaches increase, it becomes imperative to understand the factors that lead to these breaches and take the necessary steps to minimize threats. Since employees are considered the weakest link in ensuring the security of corporate data, this paper evaluates various employee characteristics (demographic, company-specific, and skills-based) to understand their relationship with security knowledge and likelihood of becoming a security breach victim. This paper accounts for four different, yet intertwined, security risk areas: phishing, passwords, BYOD and laptop usage in the organizational setting. Findings from a survey of 250 employees at a medium-sized US consulting firm identify higher-risk employees and evaluate the relationship between employee characteristics, understanding of security policies, and security risks. Based on these findings and separate interviews with security experts, the study concludes with a set of recommendations for companies to improve organizational security and reduce risks caused by human factors in securing organizations’ endpoints.