The weakest link in most security schemes is the human. We know that there are regular breaches of trust by employees, mistakes made (fat fingers, misconfigurations and more), and supposed favors done by someone with trusted access that send data to criminals. Social engineering, in a variety of forms, preys on the trusting nature of most people to gain unauthorized access, and unfortunately, it often works.
Part of social engineering is the inherent trust in others that most of us have. Part of it is the desire that most people have to help others. However, I think a part of it is also the attitude that many workers have when they aren’t treated well. When employees don’t feel they are a part of the company family and just work for a paycheck, they are less vigilant or caring about safeguarding the digital assets, and sometimes physical assets, of the company.
If you had more pride in your employer, wouldn’t you be a little more careful in caring for the company and its assets? I think most people would. I don’t have any data on this, but I bet that the companies where people take pride in their work are more secure. Employees probably know more about each other, and probably recognize a larger percentage of the company. Workers will be a little more observant and protective if they feel that the company is “theirs.”
One of the best things management can do to raise the level of security at the company, and build a better organization, is to ensure they are creating an environment that people enjoy and take pride in. That comes from showing respect, consideration, and fair treatment of all employees. It’s not even that hard to do: just be a decent human who does what’s best for everyone in the company, not just for the CEO.