Human error behind security breaches

Human error behind security breaches

Human error is behind the vast majority of IT security breaches. A breach is a breach, whether through ignorance, a simple mistake or malice. A significant percentage of companies feel exposed to an inside threat so what can they do to protect themselves?

Train your staff

Recently we heard about a company laptop that was riddled with malware. The employee who used it never thought twice about the security credentials of the sites he visited. He never checked emails and attachments before opening them. We advised on cleansing and protecting the laptop, then gave a vital piece of security advice for this situation: change your habits, or the same thing will happen all over again.

This was quite an extreme case of human error. Even so, every company needs to train employees. They should learn where risks might lie, how to spot them and what to do if they think something’s risky. This remains without doubt the greatest cybersecurity danger area for companies of all sizes.

Maintain your IT assets

Do you find constant update notifications annoying? Do you dismisses software updates as  as a nuisance, especially if you have to reboot afterwards? You’re making one of the most serious security mistakes.

human error

Legacy systems can leave services exposed to security risks

Never put off software updates. Whether you use Linux (you do, don’t you?), Mac or MS, software updates are vital for keeping software responsive. Updates protect software from new security threats and loopholes.

Software needs to be monitored and maintained at a system level too. Hardware needs to work at optimum and replaced if its software requirements jeopardize security. There have been several explanations for British Airways’ recent problems, including a contractor switching off power, but legacy systems have also been mentioned as a possible cause.

Restrict access to services

If someone leaves a company their work email address should no longer be available to them (divert it to ensure clients aren’t left dangling). Remove access to any other company services. Whether that employee is friend or foe, leaving access open to ex-employees is like leaving your house keys dangling in the door when you go out. Even worse, you may not have any idea they ever set foot in the house.

This is simple good IT hygiene. Enhance it by implementing different levels of access to company systems, and an audit trail. Know at all times not only who has access to what, but when they last accessed it, and keep that clearance under review.

Disaster recovery planning

These measures will go a long way to protecting your company and avoiding day-to-day pitfalls. Your staff will feel happier that they’re working within IT structures that smooth their working day and protect them against intrusion. IT contractors will be delighted to work with a business that takes security so seriously and uses platforms and utilities that are kept up to date.

However, we’re busy people. We receive hundreds of emails a week and use all sorts of online utilities. Everyone understands the basics of internet hygiene just like we understand that we shouldn’t eat too much sugar, but we don’t always follow the rules. We’re too busy, too tired, too hasty and too pressurised. We don’t double check the sender of every email and attachment we receive, or pay attention to the security of a website. This is especially the case if they appear familiar at a glance. Sometimes we click on something we shouldn’t, and every so often that will have calamitous results. This is how human error creeps in.

Creating a disaster recovery plan is vital for any business that intends to survive a serious IT problem. It’s time very well spent. You keep operating while the situation is put to rights instead of scrambling to find information. There’s a great deal of information available on disaster recovery planning, but we’re always happy to help if you’d prefer professional input. A well-drafted, tested and implemented disaster recovery plan turns an IT problem from a disaster to a nuisance.

Comments are closed.