Why People are every business’ weakest security link
Published On: March 31, 2020
When it comes to assessing the potential weaknesses in your business’ cyber security strategy, one element that you need to pay particularly close attention to isn’t the technology – it’s the people using it. People are usually referred to as the weakest security link of a network.
People are unpredictable, will usually favour convenience over security and, even with the best will in the world, are always prone to mistakes. Therefore, no cyber security strategy is complete without a comprehensive plan to safeguard a network from its own users, from frequent training to restrictions on what employees can and can’t do with business data and applications.
The social engineering weaknesses
One of the biggest problems to tackle is the threat of social engineering, or criminals tricking users into handing over sensitive data. This is often a highly effective method of accessing a network, as it does not require much technical knowledge and, if done effectively, can bypass even the most well-protected systems.
Among the most common social engineering threats to businesses is ‘phishing’, which aims to entice users into downloading malware or entering sensitive login details on a fake website. These come in many forms, but usually urge the recipient to take action that involves handing over confidential details.
There is also the more sophisticated ‘spear phishing’ threat to contend with. This works by targeting individuals with more specific, personalised messages in order to improve the odds of success. After all, if an email appears to be directed at you personally and seems to come from someone you know, you’re naturally less likely to be sceptical of it.
Other common user errors criminals can take advantage of include people’s habit of choosing weak or repeated passwords. Despite continued warnings, many users will persist in practices such as reusing passwords or choosing easily-guessed login details, which can be a gift to any cyber criminal.
Right solutions to tackle human errors
Dealing with these threats requires a range of IT Security Solutions, with technology tools and specific security training both must-haves. And you need to make sure that whatever messages and practices you’re focusing on are sinking in.
For example, when it comes to the problem of passwords, traditional approaches such as requiring frequent changes and mandating the use of numbers and special characters are unlikely to be effective. This tactic is only likely to frustrate users, who will struggle to come up with memorable passwords that meet the criteria, so they are likely to fall into bad habits, such as reusing existing passwords with minor changes.
Instead, the use of password management software, which can create and remember complex, unique credentials, is likely to not only be more secure, but also more user-friendly.
When it comes to training, it’s also not enough to just explain once what your employees’ responsibilities are. You need to be frequently repeating and revising sessions, as well as running tests to ensure the messages are getting through. This could range from quizzes to test scenarios, such as sending your own ‘phishing’ emails to employees to see who still falls for it.
Ultimately, it won’t matter how much you spend on technology solutions if your staff aren’t fully cyber aware. But with the right training strategy and technical support, you can ensure you’re minimising the risks posed by the weakest security link.
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.