Corporate Security: How to Deal with Human Factor?

Hacks, worms, malware and viruses are never far from the headlines. Corporations across the globe spend small fortunes every year trying to protect their systems from such problems, but there is one major aspect that gets overlooked: the human factor in cyber security.

A company can have the most sophisticated system in place, but many of the major vulnerabilities lie with the people who regularly use it. Study after study has highlighted the human factor in cyber security as a problem, yet still it remains. So how do you deal with this issue?

Develop stronger systems

Perhaps one solution is to take the employee out of the equation. Workers already know what they should and shouldn’t do, but one small lapse could bring chaos to the entire system. In his expert analysis, Dr JR Reagan of Deloitte Touche Tohmatsu Limited suggests that in the future the emphasis should be on developing systems that can successfully identify phishing e-mails and prevent bad links from being opened. As these innovations are some way off, however, corporations need to find a way to address these issues here and now.

Raise staff awareness

Research shows that not nearly enough staff regard IT security as an issue, and if this problem is not addressed, it doesn’t matter how much of its budget a company spends on securing its systems.

From the smallest law firm to the biggest corporation, every company should have firm protocols that staff should be aware of. Employees should know what they need to do to help prevent a security breach, but they should also be informed how to act if they suspect a breach might have occurred.

Curb Social Media Use

Protocols will vary from corporation to corporation, but there is one area every firm needs to toughen up on: social media. One way of effectively managing the human factor and reducing the risk to security is curbing the use of social media. Obviously, this is a move that won’t be popular with some employees, but it’s far too tempting to click on a harmless-looking link on Facebook or Twitter, which could introduce malware.

If a corporation doesn’t want to limit the use of social media, then staff need to be aware of the basic rule: no clicking on links if they don’t know where they are leading to.

Security Reviews

Another way to successfully deal with the human factor in cyber security is for firms to regularly review their current systems. Security experts say too many firms wait until they have had a security alert before they review the measures they have in place. Are they adequate to contend with the next big virus or a newly discovered security flaw and human error?

Another factor that companies often fail to consider is the security providers themselves. Their ability to manage the latest threats and possible breaches should be monitored, and if it is felt they aren’t proactive enough, it’s time to find another firm.

Protect mobile devices

Today, corporations are more dependent on mobile devices than they ever were before; the same applies to the staff. Mobile devices are now a fact of life, which is why it’s fortunate there is plenty that can be done to enhance their security.

Corporations – and their employees – should eliminate the ‘human factor’ where they can and have application and device controls installed for an added layer of protection. Removable devices like data sticks should be encrypted, and each mobile device should have some form of guard against malware and viruses.

Analyse the security budget

Another way of tackling the pressing issue of the human factor is to take a look at the security budget and how it is distributed. Could it be better used to shore up the security system and protect your firm from vulnerabilities? Where possible, enhance the system to take the responsibility away from staff, and have measures in place should human error occur.

Hacks, viruses and malware cost businesses billions every year. While every firm should have security measures in place, businesses of all sizes should look beyond this and empower themselves against the human factor.

Don’t Want to Put Your Company at Risk? Avoid These 5 Bad Security Habits

Users typically have lots of bad habits which can put the company at risk. This is primarily because they have not had appropriate training, they are unaware of the risks, and perhaps they are complacent. In many organizations, employees’ interaction with IT systems and the wider internet is governed by a policy which must be adhered to, or the employee faces disciplinary consequences.

The first bad user habit can lead to your IT systems being penetrated by many different viruses, and that is opening attachments that are not recognized. It might be completely benign, but on the other hand the attachment may harbor something far more sinister.

Next on the list is poor password management, and this one is twofold. The first case is when users have the same or similar passwords for all of their online accounts, whether social media or banking. Once the cyber criminals manage to crack one password, they have just cracked the code for the user’s entire online identity. The second big issue is that many users choose simple passwords because they are easy to remember. That makes sense to the user, but of course it also makes them easier to crack for unscrupulous hackers. You can enforce password complexity requirements on users who access the company’s IT infrastructure, and it would be prudent to give wider training on password management to employees.

The third user habit is not having your guard up and being overly friendly to strangers. Most of us tell our children not to speak to strangers, but the reality of the working environment is that you will speak to strangers in your professional life. However, users need to be wary of people who attempt social engineering on phone calls or face to face to get information which will allow them to gain access to online platforms. More commonly this kind of activity is called phishing. Hackers often do their homework, and they can be very convincing, as they are often armed with small pieces of information gathered from elsewhere to fool the victim into trusting them.

In some organizations users are restricted so that they are unable to download software to their laptops/PCs. However, in companies where employees can download applications, they should be updating and patching regularly so that any security vulnerabilities are managed. Again, most users probably click away the prompts to update as it slows them down when they are trying to work. The organization will need to provide training to ensure that employees understand the importance of maintaining the software they have installed.

The final bad user habit is probably the simplest to avoid, and that is leaving your laptop or PC logged in and walking away. This could be in the office, or worst of all in a public place such as a cafe. Whilst most organizations install an automatic lock on a device which requires a password to unlock, it is usually set at a few minutes. That will leave plenty of time for an opportunist to gain access to the computer and potentially cause a huge amount of damage to the organizational IT infrastructure.

These are just five bad habits but unfortunately users have many more. The key to safeguarding against this is to train users periodically and perform random checks to ensure the policy is being adhered to. Whilst this may not prove popular with employees, it might just save the organization a lot of potential damage both to its IT infrastructure, and to its reputation.