A significant 44% of employees haven’t gone through employer-arranged cybersecurity training, according to a survey commissioned by NordLocker.

This is a worrying statistic because the same study reveals that 77% of professionals handle confidential data at work.

The scope of the study covered 1 500 employees in the US from five different industries that are among the top targets of ransomware (education, healthcare, law, finance, and IT).

“The lack of employee cybersecurity training is truly alarming because the human element has been known to be the cause behind an overwhelming majority of cyberattacks. Companies that do not make their employees aware of the potential risks and telltale signs of cybercrime run a big risk that is not worth the consequences,” explains Oliver Noble, a cybersecurity expert at NordLocker.

The study reveals that 12% of respondents don’t use any cybersecurity tools at work at all. Among those who do employ safety measures on their digital devices, antivirus software prevails (68%), followed by password managers (59%), a VPN (51%), and a file encryption tool (42%).

“Cyber racketeers often go for the most sensitive, and thus the most important data companies have. Without providing cybersecurity tools and enforcing their use, employers not only risk freezing their business to a complete halt but also gamble away potential clients that might become wary of the company due to questionable security and damaged reputation,” says Noble.

When asked who should be responsible if someone accidentally caused a data breach in their workplace, most workers answered with “both the employer and the employee” (47%). However, one in five respondents (22%) would blame the company exclusively if a data breach occurred.

Oliver outlines five easy-to-implement cybersecurity practices for businesses of all types:

  • Ensure your employees use strong and unique passwords to connect to your systems. Better yet, implement multi-factor authentication.
  • Secure your email by training your staff to identify signs of phishing, especially when an email contains attachments and links.
  • Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this.
  • Adopt zero-trust network access, meaning that every access request to digital resources by a staff member should be granted only after their identity has been appropriately verified.
  • Encrypt files to avoid data leaks. Even if encrypted files are stolen from company computers, hackers won’t be able to access their content and threaten you with exposing the data publicly.