The Human Factor: A Key Risk in Cyber Security

The current situation has caused many workers to carry out their workday from home. This has brought several advantages, but also some setbacks, such as the issue of cybersecurity.

In particular, the main security breach in companies occurs through their employees, who perform daily actions that have no apparent risk. Studies state that 24% of cybercrimes originate from human error. This is unaffordable for many companies that see a threat in the digital leap.

Any internet user can be a victim of cybercrime, but now that we have transitioned to the home office, it has become increasingly prevalent. Knowing that no one is 100% safe from a virtual attack is crucial to maintaining a realistic and cautious attitude when browsing the Internet. This can also be applied to companies, for which a cyber attack can be deadly.

 

What is the ‘human factor’ of cybersecurity?

Although we live surrounded by intelligent machines that perform extremely complex operations in a matter of seconds, we still need the human hand to start them. In terms of security, this is always synonymous with risk, since cybercriminals take advantage of those actions or events in which people make mistakes. Contrary to popular belief, hackers do not use weak points in a system; instead, they often wait for human error.

The most common practices are:

Phishing – a method by which criminals imitate a communication from a bank or company so that the user gives them their passwords.

Smishing – sending fraudulent SMS messages that ask the recipient to click on a link.

Loss or theft of devices.

 

Why is this important for companies?

Every year, companies heavily invest in the latest technology to gain tight security. Yet at the same time, cybercriminals are developing and launching new techniques to defeat these technologies, and many times they win the battle.

This is because most hackers take advantage of human slip-ups. Several studies suggest that a large part of the security breaches that take place in companies’ computer systems are due to mistakes made by their own workers.

A breach puts more than the compromised information of a company and its customers at stake: it can also carry a very high reputational cost from which it is tremendously difficult to recover. In 2016, the Ponemon Institute put losses from these types of crimes at $4 million.

Finally, the target of cybercriminals is not always large multinationals. On the contrary, SMEs are usually a perfect target, as they tend to use technology that is more vulnerable to this type of crime and offers less protection against an attack. In the corporate world, no one is safe from cyberattacks.

How do I avoid an attack?

Fortunately, there are some precautions we can take to avoid exposing ourselves to greater risk than necessary. Although there is no one-size-fits-all solution, there are some guidelines that will act as a safety barrier against mistakes or human error.

1 | Passwords

Passwords are one of the most important security elements. Using secure password managers will help keep everything in order while facilitating the employees’ day-to-day life and maintaining basic security.

2 | Encryption

One of the main security breaches caused by human error is the loss or theft of devices that contain sensitive information. This is especially dangerous as many organisations keep sensitive data on their employees’ computers and on external storage media, such as external memories, pen drives, etc.

For this reason, encrypting is highly advisable. In the words of the RAE, encryption is the process by which “data is hidden by means of a key so that it cannot be interpreted by those who do not have it.” Most computers have the option to encrypt, and there are several tools and businesses that specialise in encryption to help organisations do so.

3 | Cybersecurity Training 

As with other occupational hazards, training and education of the workforce is everything. Training employees to be aware and committed gives them the tools and knowledge to handle information safely, an obligation that all companies have today. In addition, it is important to keep these training programs up to date and to supplement them as cyber threats evolve.

4 | Monitor system changes

Some software specialises in tracking changes made within a system. This is especially useful, since the modifications to a component can be reviewed at a glance in a comprehensive and secure way. It is an automatic process that can be customised to send alerts whenever a change occurs, so that you know:

  • Who has made the change.
  • What changes have been made.
  • When and where they took place.
  • How it has been carried out.

Several such options are currently on the market, and all offer a higher level of security against virtual threats.
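A minimal sketch of the change tracking described above, added here as an example and not taken from any product the article refers to: it baselines a directory by SHA-256 hash and reports what changed, where, and when, using the file's owner as a stand-in for who. The function names and sample files are constructed for illustration; recording how a change was made requires operating-system audit logging, which this sketch does not cover.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def snapshot(root):
    """Map each file under root to (sha256 hex digest, owner uid, mtime)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            st = os.stat(path)
            state[os.path.relpath(path, root)] = (digest, st.st_uid, st.st_mtime)
    return state


def diff(before, after):
    """Return one record per file whose content changed: what, where, who, when."""
    records = []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old is not None and new is not None and old[0] == new[0]:
            continue  # same hash: content unchanged
        what = "added" if old is None else "removed" if new is None else "modified"
        # "who" is the file owner (last known owner for a removed file), an approximation.
        _digest, uid, mtime = new or old
        # A removed file has no new mtime, so record the detection time instead.
        when = datetime.now(timezone.utc) if new is None else datetime.fromtimestamp(mtime, timezone.utc)
        records.append({"what": what, "where": path, "who": uid, "when": when.isoformat()})
    return records


def demo():
    """Constructed sample: baseline a temp directory, change it, report."""
    with tempfile.TemporaryDirectory() as root:
        for name, text in (("app.conf", "debug=false\n"), ("users.txt", "alice\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(text)
        baseline = snapshot(root)
        with open(os.path.join(root, "app.conf"), "w") as fh:
            fh.write("debug=true\n")  # modified
        os.remove(os.path.join(root, "users.txt"))  # removed
        with open(os.path.join(root, "new.sh"), "w") as fh:
            fh.write("#!/bin/sh\n")  # added
        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for record in demo():
        print(record)
```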
