The Office of the Australian Information Commissioner ran
Human error is not a surprise within the security industry; it has long been known to be the weakest link in the IT security of a business, no matter what size. If you’re not acting on this vulnerability you will be left behind.
There are multiple protection measures that you can put in place to diminish the risk of human error. However, if the company doesn’t act on educating its employees, the business is most likely to fall victim to an attack no matter how good its technology is. It’s therefore crucial that business leaders step back and understand the ways in which employees contribute to risk and, from there, gain a better understanding of how to combat these vulnerabilities without blaming the employees. Human error happens across the world, and it’s on the employer to mitigate company risks.
5 ways employees contribute to human error:
1. Lack Of Understanding
The onus is not on the employee to get across the entire company’s security policy in their own time – let’s be honest, no employer has an induction to a position where they go through the company’s digital policy. For example, employees may be sharing things with colleagues on Facebook or LinkedIn rather than over secure channels. In the mind of the employee, this is the fastest and most productive channel, and they are trying to do right by the employer and get the job done; however, they may not know that this goes against the company’s security policy.
2. Lack Of Attention
Attackers understand that employees are busy trying to get their job done quickly and efficiently, and this is the open door for hackers, especially phishing attackers. While employees are at their busiest, an attacker may send an email that seems to come from a legitimate source. A link may be clicked and lead to nothing; the employee thinks they can just close the window and move on to the next task, but little do they know the entry has already occurred.
3. Lack of Complexity
Generally you should be changing your password every 2-3 months. However, honestly, employees don’t really care about that password and will create something like “Password1” for the first change, followed by “Password2” for the next. This makes it extremely easy for cybercriminals to gain access to the network.
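One way to catch the “Password1” then “Password2” pattern at password-change time, shown as an added example that is not part of the original article. The function names, the small denylist and the 0.8 similarity threshold are assumptions chosen for illustration.

```python
import re
from difflib import SequenceMatcher

# Constructed sample denylist (assumption); a production system would load a
# much larger list of common and breached passwords.
COMMON_STEMS = {"password", "welcome", "qwerty", "letmein"}

# Undo common character substitutions before comparing stems.
_SUBSTITUTIONS = str.maketrans(
    {"0": "o", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"}
)

SIMILARITY_THRESHOLD = 0.8  # assumption: tune against your own data


def stem(password: str) -> str:
    """Lower-case, drop trailing digits/symbols, undo simple substitutions."""
    core = re.sub(r"[^a-z]+$", "", password.lower())
    return core.translate(_SUBSTITUTIONS)


def check_password_change(old: str, new: str) -> list[str]:
    """Return the reasons a new password is rejected (empty list = accepted).

    The comparison needs the old password in clear text. That is available
    without storing it, because the user types the current password as part
    of the change request.
    """
    reasons = []
    new_stem = stem(new)
    if new_stem in COMMON_STEMS:
        reasons.append("common_password")
    # Catches counter bumps at the end ("Password1" -> "Password2") and
    # small edits in the middle ("Summer2023!Blue" -> "Summer2024!Blue").
    similarity = SequenceMatcher(None, old.lower(), new.lower()).ratio()
    if (new_stem and new_stem == stem(old)) or similarity >= SIMILARITY_THRESHOLD:
        reasons.append("variant_of_previous")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for old, new in [("Password1", "Password2"),
                     ("Password1", "tidal-cobalt-lantern-47")]:
        print(new, "->", check_password_change(old, new) or "accepted")
```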
This is incredibly tough, but it’s a common mistake that leads to vulnerabilities within your network. Unknown laptops and unsecured USB drives being plugged into your network can leave the business wide open. It’s imperative to put in place specific policies around these actions and to communicate them regularly and clearly to employees; “regularly” is the key word.
Bring Your Own Device, otherwise known as BYOD, is a model in which employees are allowed to bring their own device. We just did an article on this subject, ‘Controlling Laptop and Smartphone Access to Corporate Networks With SonicWall’. This model can blur the lines between business and personal information, and it creates clear potential for non-compliance with privacy legislation.
If you would like a consultation on how you can mitigate human error within your business, contact us. We also have a ‘Security Policy Template’ that you can utilise for free!