The Human Factor In IT Security

It’s amazing, isn’t it?

You check your spam filter, and before you clear it you find among the junk an email claiming to be from the US Marine Corps, a UN ambassador, or that classic Nigerian Prince.

I’ve even gotten one claiming to have been sent from Melania Trump herself, telling me that I have $20 million from a west African bank sitting on her desk at the White House.

Nonsense right? Nobody in their right mind would fall for something this ridiculous, right?

Maybe not.

After all, these emails are still going around, more than 20 years after it became commonplace to have an email address. And if nobody fell for them, you’d assume people would stop sending them out.

And yet, they still exist.

Email auto-senders are cheap and easy to come by, and it only takes one sucker to fall for it. But this outlines one of the most important issues in IT security, or security in general: the human factor.

You can run all the risk analyses and penetration tests you like, but the human factor can still leave you vulnerable to security breaches if you aren’t careful.

What Is The Human Factor?

Think of it this way. You’re the manager of your local bank branch. As your shift wraps up for the day, you close down the bank, shut down the computers and get in your car to go home and enjoy the evening with your family.

You come in to work the next morning and find the place has been ransacked, the vault emptied, and anything of value hauled out the door.

Why didn’t anyone tell you? Turns out, you forgot to lock the front door and turn on the security system.

Does this mean the bank isn’t secure? No, far from it. It has some of the latest top of the line security and theft deterrent systems installed. You just made an unfortunate and costly mistake.

IT security is like that too.

We have this image of a hacker being someone in a balaclava sitting behind a computer screen and tearing through line after line of code, trying to find a security vulnerability so they can break into a system and steal whatever is worth stealing.

And while these people and situations do exist (minus the balaclava, maybe), the truth is that it’s generally not the systems themselves that are the problem.

It’s the people using them.

After all, why spend your time learning how to crack a safe when you can just wait until someone misplaces their key?

Most companies don’t want to admit it, but the vast majority of cyber attacks are a direct result of human error. The last time IBM investigated this issue, they discovered that 95 percent of cyber attacks, data breaches, and other IT security issues were a direct result of a human screwing up at some point in the chain.

What Does Human Error Look Like?

One example is clicking on a phishing link from an email. If you aren’t training your staff members on how to recognize a phishing email, especially your older staff members who haven’t grown up in digital environments, you may be exposing your company to security risks.

However, there’s more to it than that.

Neglecting to apply the latest patches to your software or hardware, for example, can leave you vulnerable to known and obvious attack vectors. So can misconfigured network devices or cloud servers.

But one of the most common examples of human error is using a weak combination of username and password.

For example, many companies have a consistent system they use when assigning usernames to staff. They may choose the first initial of your first name followed by the first four letters of your last name, for example.

You can often work this out from email correspondence with anyone in the company, since many companies use the same format for email addresses and usernames. Once an attacker has figured out the username format, they can take the usernames they have and try each one against the most common passwords found online.

These include passwords like "password", "12345", "123456789", and "987654321". While it may seem painfully obvious that you should NOT use such easy passwords, not everybody got the memo.

So if your company has an easy-to-guess username format and no system to ensure that passwords are difficult to crack, you’re leaving yourself vulnerable.
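As an added illustration (not code from the original post), here is a password-policy check of the kind the paragraph above says is missing: it rejects the weak passwords listed earlier, sequential-digit strings, and anything containing the username derived from the "first initial plus four letters of the surname" convention. The minimum length of 12, the blocklist contents, and the sample names are assumptions.

```python
import re

# Constructed blocklist: the weak passwords named in the post plus two common
# variants. A real deployment would load a large breached-password list instead.
COMMON_PASSWORDS = {"password", "12345", "123456789", "987654321", "123456", "qwerty"}


def derive_username(first_name: str, last_name: str) -> str:
    """Username convention described in the post: first initial + first four letters
    of the surname, lower-cased (assumed to also be the email local part)."""
    return (first_name[:1] + last_name[:4]).lower()


def password_problems(password: str, first_name: str, last_name: str,
                      min_length: int = 12) -> list:
    """Return the reasons a candidate password should be rejected.

    An empty list means the password passes every check. Each check is
    independent so the user sees all problems at once rather than one per attempt.
    """
    problems = []
    lowered = password.lower()
    # Strip trailing digits/symbols so "Password1!" is still caught by the blocklist.
    core = re.sub(r"[^a-z]+$", "", lowered)

    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")

    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        problems.append("appears on the common-password blocklist")

    # Reject passwords built from the guessable username or the user's own name.
    username = derive_username(first_name, last_name)
    for fragment in (username, first_name.lower(), last_name.lower()):
        if len(fragment) >= 3 and fragment in lowered:
            problems.append(f"contains name-derived string '{fragment}'")

    # Catch "12345"-style runs in either direction, regardless of length.
    if lowered.isdigit() and (lowered in "0123456789" or lowered in "9876543210"):
        problems.append("sequential digits")

    return problems
```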

These are some, but by no means all, of the most common ways your own staff can end up providing the point of entry for a hacker.

Contact 1st Secure IT

Are you running a growing enterprise and aren’t sure whether you can keep up with your IT needs?

Concerned that your IT security infrastructure isn’t protecting you the way it should?

Contact 1st Secure IT today.

Our team of experienced IT security consultants can help you understand your weaknesses and shore up your defenses to leave you better protected against the bad guys out there.

The IT world can be frightening, but you don’t need to face it alone. Contact 1st Secure IT today.

1st Secure IT

4613 N. University Drive #323
Coral Springs Florida
(866) 735-3369

Monday, 19 August 2019