Skip to main content
Cyber News

Why veterinary practice employees violate cybersecurity policies

By January 24, 2022June 9th, 2022No Comments

In response to recent high-profile cyberattacks that have resulted in entire industries being paralyzed by ransomware attacks and payment of millions of dollars to cybercriminals, investment into cybersecurity has skyrocketed.

Unfortunately, these efforts have failed to address the core cause of cybersecurity risk that creates vulnerabilities and leads to the success of these cyberattacks. While cybersecurity experts toil to create a better, smarter and safer environment where cybercriminals can be kept at bay, the human factor still remains unaddressed. This is because humans, unlike technology, are unpredictable, and the risk they bring into the system cannot be programmed away.

Cybersecurity experts working in the veterinary practice industry also recognize the cybersecurity risks that humans cause, and that is why cybersecurity policies are implemented. These policies are meant to provide clear guidelines to veterinary practice employees and prevent them from making errors and mistakes that expose computer systems to risks such as ransomware attacks. These policies also aim to eliminate common mistakes that people usually make when interacting with computers.

Unfortunately, even with clearly written guidelines, veterinary practice employees are still prone to making the same mistake that exposes the entire network to cybersecurity risks. To put it succinctly, the employees remain the weakest link in the cybersecurity chain and most successful attacks aimed at veterinary practices are a result of them dropping the ball.

Why do the employees violate cybersecurity policies?

Most practice owners who have been attacked by cybercriminals in the past know the risk that people pose in the networks. However, one thing that escapes them is why did the employees not follow the laid-out protocols that would have prevented the attacks and kept the veterinary practice safe from the cybercriminals.

  1. Employees do not violate cybersecurity policies out of malice

 Surprisingly, most employees who have dropped the ball in the past, and resulted in a veterinary practice being attacked did not do it out of malice.

Recent research that was published in the Harvard Business Review found the top three reasons why most employees violate their cybersecurity policies were “to better accomplish tasks for my job,” “to get something I needed,” and “to help others get their work done.”

These findings indicated that most employees who ended up putting their place of work at risk of getting attacked by cybercriminals did not comprehend the magnitude of risks they were putting their organizations in. They violated these policies mostly because they hindered the process of work they were used to, and simply wanted to be more efficient.

Veterinary practices that end up being compromised as a result of employees failing to follow the guidelines, will also mostly be due to the three reasons that employees gave during the research carried out by Harvard.

Unfortunately, that is not to say that some employees will not try to harm your veterinary practice out of malice. The research by Harvard actually showed that 3 percent of cybersecurity policy violations were due to employees wanting to harm their place of work.

2. Violation may be due to employee attempt to balance security and productivity

There is a middle ground between ignorance and malice, where veterinary practice employees violate cybersecurity policies as they attempt to balance security and productivity.

 In many cases when a veterinary practice is compromised, practice owners mostly assume that security violations were due to malicious intent or unintentional. What many do not consider is a middle ground, where employees feel that the policies put in place are making them inefficient, and they look for ways to improve their productivity by being selective of the types of cybersecurity policies they follow or violate.

 Practice owners and some cybersecurity experts also design their policies based on the two assumptions, without realizing that there is a middle ground where the violation does not have to be malicious or unintentional. The result is more policies that do not address the main concerns of employees such as how they can maintain productivity while still being security conscious.

3. Altruism

According to the research by Harvard, the third reason was given as to why employees violate cybersecurity policies was the need to help their fellow employees.

 This need to do good by most employees, although not bad in many circumstances, becomes a major security risk and a top reason to violate the policies that further make veterinary practices vulnerable to cyber attacks.

 Cybercriminals also recognize this fact, and most of their modes of attacks, including phishing and social engineering are exclusively designed to exploit employees’ altruism and get access to networks and computer systems.

4. Employees jobs and cybersecurity are intertwined

 Most practice owners fail to understand that most jobs that their employees carry out on a daily basis are intertwined with cybersecurity, thereby implementing cybersecurity policies only adds to their workload. For instance, some cybersecurity policies hinder the productivity of employees, and compliance with these policies means that the employees have to do an extra shift on top of what they are hired to do, increasing room for errors.

 Also, most veterinary practices do not incentivize cybersecurity policies compliance, alongside other performance metrics, thereby most employees want to do their jobs as fast as possible to meet their goals, increasing the chances of them violating cybersecurity policies.

Solutions to solving cybersecurity violations

Practice owners need to come up with better policies that incentivize their employees to follow policies. This includes realizing that some job designs in their veterinary practices are intertwined with cybersecurity, which adds more workload to employees, and can result in them compromising the policies in a bid to be more productive.

 Cybersecurity experts should also come up with better policies and training of employees is paramount in ensuring that these policies are not violated. In most instances where policies are violated, it is not done out of malice, and hence policies should not be made to punish but to prevent employees from making mistakes that can lead to cyber attacks.

Need help creating a better cyber security policy in your veterinary hospital?

Schedule a FREE Call today to see how Lucca Veterinary Data Security can help you and your staff stay safe and productive!