Are employees the weakest link in the security chain?
A conscientious business can take all the security measures in the world and still have to deal with the occasional breach.
After all, there are countless ways to ensure cyber security, from keeping software up to date, to setting up two-factor authentications and installing anti-virus software. However, the link in the chain that is often hardest to control is the one that is not automated – your staff.
As much as they will undoubtedly work hard to minimise risks, employees represent one of the biggest risks to cyber security for any company.
Fortunately, you can take steps to help minimise the risk they represent, and further protect your data and brand from security breaches.
Humans are prone to phishing scams
Phishing scams are increasing not just in number, but in sophistication. No longer are phishing scams as easy to spot as they once were, as hackers use advanced methods to make these scams look legitimate – especially to a busy, distracted worker.
These scams most often mimic the look and tone of major banks, social media sites, government agencies, and other notable organisations. They lead the recipient to enter an array of sensitive details, from passport details to banking information to social media passwords, which can be used by scammers to access more information and cause harm.
Employee training is often key in avoiding phishing scams, as staff must be aware that not only are these scams common, they can cause real harm.
Humans struggle to remember passwords
In these modern times, everything from your library card to your tax account requires a password. Without a memory of steel, few humans could ever be expected to remember unique passwords for all of the online log-ins that require them.
This presents several problems. One is the obvious point that many of us will end up physically writing down passwords, creating a paper trail that could go missing and end up in the wrong hands.
Another problem is that we often end up using the same password across multiple accounts. Should that account of low importance (such as a library card) be hacked, scammers will suddenly have the password for any number of accounts of a much more sensitive nature.
If nothing else, ensure your employees have separate passwords for work and private life.
Humans ignore updates and patches
Between deadlines, meetings, calls, and the general hustle and bustle of a working week, it’s all too easy to ignore the pop up that calls for an update or a patch on workplace software.
While the IT department might know better, the general workforce may not put these vital updates on their must-do lists, which can result in weakened security across the board.
Again, this comes down to training, and regular reminders from a source more authoritative than a little pop up on a screen.
Humans have their own devices
From cell phones to tablets to laptops, many people have at least a couple of personal devices they use outside work – but sometimes these devices will crossover into the realm of professional lives.
This simple act of convenience becomes a security issue for many reasons. Perhaps they lose or have their device stolen with sensitive work information within it. Perhaps their private devices don’t have the same levels of security as official work devices, or perhaps they are lax about their updates or security systems on their devices.
Ensure your employees know to keep their private devices completely separate from their official work duties.
Humans are undoubtedly some of the best assets in any business – if not the very best. Unfortunately, they can also be the weak link when it comes to ensuring your cyber security is as impenetrable as possible. CANDA offers consultancy services and other assessments, products, and advice that can help you get your security on the right track.
