The Titanic was “unsinkable,” they said. No one envisioned the collapse of the Twin Towers at the World Trade Center. Yet, both structures had been built with exact precision, every detail meticulously planned.
What left these behemoths with vulnerable weak points? Humans.
What does this have to do with cybersecurity? A lot, actually.
We talk a lot here about the importance of secure servers, vulnerability scanning and PCI compliance. But the reality is, the biggest weakness for a business’ cyber security system isn’t a porous firewall or lack of security measures. It’s something that’s harder to control: the human factor.
A business can take all the precautions in the world to protect their data from hackers, but if they haven’t educated and trained their employees in cybersecurity policies and procedures, the best firewalls money can buy won’t do any good.
According to IBM’s 2014 Cyber Security Intelligence Index, 95 percent of all security incidents involved human error. That means it wasn’t a system failure that resulted in a data breach. It was the actions of someone within the company who gave hackers access to their business’ servers.
How does that happen? A number of different scenarios are possible. Two common examples include hackers gaining access to an unsecure computer through malware disguised as a legitimate link, or through default usernames and passwords.
But one of the more sophisticated mistakes falls on good old fashioned human curiosity. Hackers, you see, practice clever techniques designed to lure a computer user to unknowingly give them access to their device. This usually involves phishing scams (when hackers use emails to trick users to, for example, log into a fake bank account to get them to give over their account information), social engineering (casually asking for access to a wi-fi network), sending infected attachments in an email that when opened launches malware, or downright figuring out your passwords.
Other risks include the use of unsecure file-sharing sites, public wi-fi and poor patch management practices for updates such as adobe or java, which can leave computers vulnerable to hackers.
Even the best employee could unknowingly let a cyber predator in.
What can a company do to stem the risk of human error? Education, education, education.
Training employees in a company’s cybersecurity policies and procedures can go a long way to helping them avoid making security errors. Keeping them abreast of cyber security trends and threats in their industry can also help.
Here’s some basic tips employees can do to be more cyber secure at work:
- Change your passwords regularly and often. Make each one unique, with numbers, characters and capitalized letters.
- Employees should never use public wi-fi on a work computer. It’s just not secure.
- Avoid using unsecure file-sharing sites to store and share company documents and data.
- Gut check: if something seems off in an email, an employee should check with a supervisor in before clicking on any links or attachments.
- Patch management: teach employees to maintain software updates when prompted to reduce vulnerability from known software weaknesses such as worms and malicious code.
By raising awareness to carelessness, social engineering and best practices, the risk of the human factor in cyber security can be greatly reduced.