COMP 212- WEEK 16

EMPLOYEE NEGLIGENCE
A CAUSE OF CONCERN FOR CYBER SECURITY
Presented by: Mr. Jayson L. Lagrimas
Credits To: Ms. Jermaine Anne Tarriela

01/21/2021
 A Cause for Concern Employee Negligence

01/21/2021
 The Number One Cause
• The lack of awareness or negligence regarding
cybersecurity among staff can lead to dramatic
consequences for the organization
• According to a published report by
Carmen Reinicke in 2018. The biggest cybersecurity
risk to US businesses is employee negligence, study
• Employees who are not properly trained about cyber
security lures a lot of hackers to into compromising
and getting this sensitive information

01/21/2021
 HUMAN ERROR
• Just like in any industry, CYBER SECURITY is also a
subject of human error. Negligence is a human error
—any unintended or accidental action. It is
emerging as one of the prominent causes of
security incidents

• Negligence is an avoidable error but demands

proper attention of business owners and the
precision of employees handling sensitive data. To
achieve a reasonable level of mitigation

01/21/2021
3 Types Of Employees That Can Cause A Data Breach

01/21/2021
 INNOCENT ACTIONS
• When it comes to breach of data, innocent workers
can cause as much damage as malicious hackers;.
The lack of knowledge and competency of
employees is a serious threat for information
security. Sometimes an innocent action causes a
major consequences and poses a grave threat

• Example: a bank employee inadvertently and without

malicious intent” downloaded sensitive data onto a
personal storage device.

01/21/2021
 Careless or negligent?
• When an employee does not give a care about
his/her information being compromised or if the
employee does not take immediate action on how to
manage information. This is a recipe for disaster
which will lead to company losing millions in profit

• Example: Employees not backing up data, Employee

neglecting error warning or employee using
inadvertently accessing restricted website

01/21/2021
 MALICIOUS
• Unfortunately, as well as human error, malicious
actions by employees also play a part in insider data
breaches. Employees with knowledge and intent to
compromise information is very dangerous, they are
actually more dangerous than external threats or
hackers. In some cases this leads to company
espionage and trade war of information

01/21/2021
 Example

01/21/2021
 Threat and Impact of Negligence 
• System misconfigurations, poor patch management
practices, and poor password management
practices are a few examples where highly skilled
system and network administrators commit
unintended mistakes. To guard the security
infrastructure, organizations can put up numerous
security controls as well as act on continuous
controls and compliance.

01/21/2021
5 Common Negligence by EC Council
1. Falling for Phishing Attacks
• When an employee opens an email containing malicious content
• How to Avoid
• Establishing a security-centric culture is more beneficial than
merely talking about the importance of cybersecurity at the time
of hiring
• Regularly run phishing simulation tests can help the employees
to follow pre-defined security policies. It will also help you
identify high-risk users so that you can work with them
individually. 
• Implementing filters and anti-spamming tools will create a safe
environment for the employees. 

01/21/2021
5 Common Negligence by EC Council
2. Poor Password Practices
-When an employee has a poor password management or a
lack thereof is a risky practice. This can lead to
ccompromising sensitive information

Examples of such practice

1. Having to have the same login credentials
2. Sharing password with other employee
3. Saving password on computers as text file
4. Using obvious passwords
5. Not updating passwords regularly
01/21/2021
 How To Avoid
• Organizing awareness sessions regarding the best
password practices. 
• Providing tips on login screens such as “Never store
your password in an accessible place.”
• Using password management tool to generate
complex passwords. Also, using a password
expiration tool that can remind you to update your
passwords regularly.

01/21/2021
5 Common Negligence by EC Council
3. Incorrect Management of Privileged User Accounts
• High privilege accounts are sometimes poorly managed,
often this cause by the lack of experience and technical
expertise of privilege account users. Such practices
make admin accounts an easy target for cybercriminals.
Once compromised, the attackers can bypass secure
networks to access sensitive data. 

01/21/2021
 How to Avoid
• Restricting all accounts to least-privilege features—
minimizes the risk of compromising admin credentials
and then losing sensitive data to cyber attackers. 
• Ensuring availability of high-privilege features on an “as-
need” basis instead of granting a few accounts with all
the administrative rights. 
• Having multi-factor authentication limits unauthorized
users to access data.
• Ensuring admin accounts should be limited to
alter/access only a few specific sections of the entire
infrastructure. 
01/21/2021
5 Common Negligence by EC Council
4. Unauthorized Users Having Access to Corporate
Devices
• When employee let their friends and family members
access their employer-issued devices . These unauthorized
users will get access to sensitive data as well as they can
download malware by mistake
• How to Avoid
• Enforcing a detailed security plan that states dos and don’ts.
Team leaders must actively participate
• Ensuring corporate devices have a two-factor
authentication to access any sensitive data. For
implementing the stated, use proper security controls.
01/21/2021
5 Common Negligence by EC Council
5. Misdelivery- Employees sending an sensitive
information to wrong recipients fall under the
category of “misdelivery.” This is one of the most
challenging errors to avoid.  

01/21/2021
 How to Avoid
• Enforcing encryption can help against accidental
disclosure. 
• Using pop-up dialog boxes will help remind senders
to double–check the recipient’s address, especially
when sending sensitive data. 
• Using Data Loss Prevention (DLP) solutions can help
limit information leakage when data are sent out of
the corporate circuit. 

01/21/2021
 References
• https://www.insurancejournal.com/news/national/2017/03/01/443270.htm
 
• https://armis.com/wannacry/ 
• https://www.cygnussystems.com/three-ways-your-employees-will-invite-
hackers-into-your-network/ 
• https://news.bloomberglaw.com/class-action/capital-one-hit-with-first-
class-action-over-security-breach 
• https://enterprise.verizon.com/resources/reports/DBIR_2018_Report.pdf 
•  https://www.proofpoint.com/us/resources/white-papers/user-risk-report 
• https://blog.eccouncil.org/negligence-the-number-one-cause-leading-to-
cyberattacks/
• https://www.welivesecurity.com/2017/05/26/3-types-employees-cause-
data-breach/

01/21/2021