When considering the issue of network security, it is natural to place the focus of attention on computer technology. And this obviously plays a central role in such problems. But the human factor in network security is often overlooked, and this is a massive mistake, as it is a fundamental part of the way network security issues emerge in the first place.
Probably the most common human cause of network security problems is members of staff simply taking cybersecurity requirements too lightly. This may seem trivial at the time, but failing to pay proper heed to important network issues can actually have dramatic and debilitating consequences for organizations of all sizes.
WannaCry Epidemic
For example, the recent WannaCry ransomware epidemic made headlines all over the world, but what was often missed amid the fanfare was the fact that human error played a central role in ensuring that businesses worldwide ransomware emerged, yet many businesses failed to update their systems.
When WannaCry began to infect systems, IT personnel were usually the weakest link. Errors such as employees with local admin rights disabling security solutions were rife, and this enabled the infection to spread rapidly. What became an attack with costs for companies and government departments worldwide estimated at $4 billion began with simple human mistakes.
By the same token, employees can also play a major role in the fight against cybercrime. This was the subject of a study conducted by Kaspersky Lab and B2B International, with the two organizations surveying over 5,000 businesses worldwide on the subject of cybersecurity. Yet perhaps the starkest realization that this survey uncovered was the fact that many businesses recognize that they are under threat from internal personnel.
Basic Education
Indeed, 52% of businesses surveyed indicated that they are currently at risk from within. Their staff, either through carelessness or lack of knowledge or in some extreme cases malicious behaviour, are putting businesses at risk of cybersecurity disasters. This is clearly an issue that needs to be addressed, firstly with basic education.
Before delving further into the issue of employees, it is worth noting that another aspect of network security that merits consideration is installing a VPN such as ExpressVPN, which is a basic failsafe option. Again, the failure to implement this basic measure can be viewed as another human error, as many organizations overlook this critical aspect of security.
When surveying businesses, Kaspersky Lab and B2B International discovered that 57% of businesses believe that their IT security will inevitably be compromised. This is a sobering figure, but it does at least suggest that companies are becoming aware of the scale of threats that they face. Indeed, the majority of businesses questioned concluded that employees are their biggest weakness in IT security, with careless actions often putting overall strategy at risk.
And the top three cybersecurity fears were all related to human factors and employee behaviour. Basic human mistakes can have a huge impact on the cybersecurity credibility of a company, and it is thus essential that this is communicated to staff on a regular basis. The companies surveyed concluded that sharing inappropriate data via mobile devices (47%), the physical loss of mobile devices exposing their company to risk (46%), and the use of inappropriate IT resources by employees (44%) are all massive security risks.
Three Essential Ways
However, there are three essential ways that employees can make a positive contribution to IT security culture. The first of these is simply to resolve to be aware of all aspects of potential problems. Education is absolutely key to keeping on top of security vulnerabilities, and all employees should commit to an ongoing process of training.
The second important aspect of human behaviour with regard to network security is people engaging in due diligence at all times. It is one thing for members of staff to understand security problems, and it is quite another for them to actually take these potential issues into consideration on a daily basis, and act accordingly. It only takes one moment of slackness for an entire organization's data to be compromised.
And the third issue in which employees can stand up and be counted is simply being willing to hold their hands up when mistakes are made. This may sound like a straightforward and largely unimportant matter, but in fact, it can have a huge impact on the way that security breaches are dealt with.
Laptop Chaos
For example, a consultancy company employed a woman who unfortunately contracted a computer virus through her personal laptop. She had decided to use this machine as the corporate laptops available had caused her difficulty, due to their creaking performance. Management had instead allowed her to work from her own computer with local admin rights, which seemed an ideal solution, until she accidentally opened an erroneous email, and locked her computer.
This was serious enough in itself, but instead of owning up to the problem immediately, the employee decided to pay off the $300 ransom demand and keep the issue as quiet as possible. The files were then restored, and within a few days, the employee had forgotten about the incident. Unfortunately, it turned out that she had failed to delete the malware, and within a matter of weeks the entire company network was infected, at which point her behaviour came to light.
So taking responsibility in these situations is absolutely critical for employees; otherwise, disaster can strike. While hackers and cybercriminals can be highly intelligent and resourceful people, the reality is that most of their successful crimes are caused or catalysed by human error. Companies need to take this eventuality extremely seriously, as the consequences of not doing so can be terminal for their business.