Preventing Errors: The Human Factor in Cyber Security

It seems that no matter how advanced cyber security systems get over time, the human factor always remains the greatest liability. When it comes to cyber attacks, most of the time the breach happened due to an employee’s misjudgment, carelessness, or simply lack of knowledge.

According to a research conducted by BakerHostetler that observed the causes of major security breaches in 2016, 24% of them were caused by employees‘ actions or mistakes. On top of that, 31% of issues happened because of malware, which could easily be counted among employees‘ mistakes. So, in total, over half of all security problems come from human errors. That is something that shouldn’t be ignored, especially in today’s world where the threat of cyber attacks is at an all-time high.

To keep this human factor at a manageable minimum, companies need to educate their employees and follow certain guidelines. Here is a list of things they should focus on.

Phishing

We’ve already mentioned that the staggering amount of attacks come from phishing malware. This is the most commonly used online scam that can cause anything from small data leak, to complete security breach depending on the intentions of the hacker. Most of the time, phishing emails come in the form of a normal message, imitating a real company or a professional, and ask the user to click on one of the links that are buried in the text. Once the user does that, the link uploads malware or a virus and infiltrates the victim’s system.

So, what can companies do about this threat? Well, the single most important thing they can do is educate their workers to recognize phishing emails. Most of the time, it’s just a matter of focusing on the details. Return Path blog offers a couple of quite useful pieces of advice:

• Don’t fall for panic-inducing words in the subject line. It is most likely a trick to get you to ignore your better judgment and click without reading through the email.
• Check for spelling mistakes in the email since real, professional companies don’t allow such mistakes.
• Inspect the signature at the end and see whether the reply address corresponds to the sender’s address.
• Hover over the included link to see the link’s destination in the bottom left of your browser. That way you can spot a fake location.
• Obviously, the most important advice of all – always be on the lookout and don’t believe everything you read.

BYOD Policy

One of the biggest problems for cyber security is the BYOD policy that so many companies use to save up on money. BYOD stands for bring your own device principle where companies ask their employees to use their own equipment for work, both while at work and home. This is a bad practice because of the sensitive company data that could be disclosed through hacking or physical theft.

If they don’t want to suspend their BYOD practices, companies could invest in more security measures. Security Magazine suggests, among other things, introducing a mechanism that detects the device’s integrity that causes company any damage. Besides that, it’s necessary to give the company the ability to wipe any sensitive data remotely and constantly monitor the use of devices. Although this might seem extreme, it’s necessary if they want to adhere to the BYOD principle.

While most of the cyber security agencies out there can track all of the users at all times, the companies also need to work on promoting individual responsibility. Employees need to be reminded that their risks are also company’s risks when they carry around work-related devices. This realization alone can help companies evade many potential security breaches.

Authentication

The problem with humans, unlike any machines, is that they’re inherently lazy and always looking for the simplest option. While it may work in certain parts of life, it is quite risky when it comes to security. Namely, most people use regular passwords, often consisting of easily searchable names or terms. Experienced hackers can easily crack these passwords and infiltrate the user’s system. Most of the time, they use social engineering to collect the necessary information and seize control.

That is why it’s important to use at least a 2-factor authentication whenever possible. The website Core states that this principle verifies a person by using three main elements – something that a person knows, something that he has, and something that he is. The first element checks whether you know the password or a PIN number. The second element looks for a physical object that will identify you like an identity card or a mobile phone. Finally, the third part uses biometrics to scan your face or eye for validation.

Some might say that the third part (biometrics) might cost the company too much. However, that is simply not true. iPhone already introduced the face-scan feature in their latest product, while they had the fingerprint method for years. Therefore, implementing this technology shouldn’t be a problem and is a good investment for the future.

Ethical Hackers

One of the best ways for companies to test their cyber security and the employees’ prudence is to hire ethical hackers. These security experts constantly test the security systems to find the holes and patch them. Admittedly, these hackers aren’t exactly cheap. The Telegraph states that some of the better ones can easily earn six figures. However, this should be considered an investment as they can save up much more in the long run. Ethical hackers can even hack individual employees and offer them priceless feedbacks.

In the end, it all comes down to educating the employees to become a little bit more aware of their role in the company’s security. If they practice caution, employees can easily avoid falling for phishing emails and be more responsible with the devices they use for work. Besides that, ethical hackers can show them all their security risks and help them get on board with two-factor authentication. Hopefully, in the future, the human factor will be a bit less of a liability on the web.