This post is part of our 2023 cybersecurity prediction series.
Alec Nuñez, Director of Business Compliance, Poll Everywhere
Human Error Continues to be a Leading Factor in Data Breaches
Human element breaches aren’t going anywhere in 2023. These breaches were the largest driver of attacks last year, and as much as hopes are high that these human-error incidents will decrease - we just aren’t there yet. As employees continue to work from home, following security protocols seems to be almost a nuisance; we’ve seen and foresee still many breaches that could have been easily avoided with following the proper security steps that employees are not abiding by. Especially as more companies shift to remote work, we will continue to see human error breaches as one of the top attack drivers moving forward.
Security Training and Education Programs
In 2023, comprehensive security training and education will become a necessity for all employees, regardless of tenure and department. While it is common for new hires to go through training, it will be important to continue training and educating. Companies must offer resources so there is a foundational level of knowledge. Without adequate and updated training for remote workers, the chance of a security breach increases. Companies transitioning to a fully remote or hybrid workforce will be pushed toward a widespread education initiative, especially as the majority of businesses do not realize what security tools or education they need in a new work environment until they experience a breach or attack. Across the board, more security tools and education programs will be used to protect employee and client information.
Mitigating the Risk Posed by Remote Work with Security Tools
In 2023, the more secure form of two-factor authentication that will emerge is a physical, phishing-proof security key that can be used in a variety of ways, including single sign-on and multi-factor authentication. This key provides more security than a password alone and can thwart various forms of phishing that aim to steal two-factor authentication codes. When it comes to protecting accounts and passwords, security keys offer the strongest layer of defense. Since there is no local storage of any account or personal data, an employee may also use the same key for several accounts. No one will be able to access the data on the key and use it to link another device to an account in the event that it is stolen, lost, or misplaced. An organization administrator can disable access for a user who has left the organization by signing in and selecting "delete" from the user's profile. In 2023, physical security keys will be the new, safer choice.