The Human Resource: Human factor in cyber security

Data security is on the mind of most business leaders, and may even keep them up at night worrying about how to properly protect their business from attack and secure company and client data. Insurance products are ever evolving to address these risks and offer insurance protection to mitigate a data breach. Unfortunately, this is reactive to an event we all wish didn't happen to begin with.

In 2016, there have been 43 reported data breaches in the banking/credit/financial industries with 71,912 records exposed (data retrieved from http://www.idtheftcenter.org/images/breach/ITRCBreachStatsReportSummary2016.pdf). Other research revealed that in 2016, 30% of phishing emails are opened, and about 12% of the targets go on to click the link or attachment (data retrieved from https://www.bitsighttech.com/blog/data-breach-statistics). Another staggering piece of data indicated that 59% of employees steal proprietary corporate data when they quit or are fired (data retrieved from https://www.bitsighttech.com/blog/data-breach-statistics).

Why are technology and cyber security professionals not enough?

The greatest risk of exposing your business data to a breach is your employees. Note the statistic above about phishing scams, and how 30% of those that get through the security technology in firewalls and servers are opened. Therefore, where is the final line of defense for your business data? It is the employee who failed to comply with policy or procedures, or who was not properly trained, who clicks that link and opens the door for the invasion.

Have you ever just toured a business office, not to see the pictures or the technology, but to observe and critique the employee offices, cubicles, and workstations? You will see unlocked computers with data visible on the screen, and personal devices such as phones and mobile laptops not secured or protected. You may observe flash drives sitting in computers with no locks, or sticky notes on monitors with passwords and login information. Examine a reception desk and you might find a plethora of information that would permit access to the computer system. Further, the fact that you are walking around observing all these issues and systems without security means you might have a chance to sit at a machine and load a virus onto the device or network.

What does this all mean for you and your business? It is imperative, in addition to the other protocols noted above, to establish security policies and practices for the human factor and greatest risk: your workforce.

Here are five critical areas to cover in your cyber security policy to specifically, intentionally, and proactively address the risks directly related to the human factor of risk in the realm of cyber security.

  1. Password Security. Establish clear protocols for the selection and use of a password. The more complicated the password, the more difficult the breach will be for someone roaming around an office. The password should include a combination of uppercase and lowercase letters, a number, and a special character. Provide training on effective passwords, with guidance such as avoiding a password like Cashout1* and instead using C@$h0ut1*.
  2. Locking Computer Systems. It must be mandatory for employees to lock their computers whenever they leave their workstation to prevent unauthorized use or access to the system and network. While the technology can force the automatic lockout using screen savers and other applications, it only takes moments to breach a machine, so holding the employee accountable to lock the machine enhances your protection and improves security measures.
  3. Store and Lock Devices. Any portable devices, phones, laptops, and other machines that are wirelessly connected or networked to the system should be locked and put away whenever not in use. These devices can be picked up and taken easily, allowing the cyber attacker the opportunity to take their time and attempt to gain access to the system through the device. This includes any portable or flash drives that are simply sitting in a USB port waiting to be stolen.
  4. Train Employees Frequently. Provide regular cyber security training to the workforce to both remind employees of their obligation to protect the data, and hold them accountable for their workplace actions.
  5. Perform Frequent Testing. Management should take steps to frequently test their security practices, including those controlled by the human factor, the employee. When gaps are identified, take affirmative steps to train and correct the practices so they do not become ingrained in the workforce, exposing your company to risk and liability.

Conclusion

Technology and cyber security professionals are not enough to protect your business from a data breach. The greatest risk comes from untrained employees and organizations without strict policies and procedures to model appropriate workplace data security behaviors.

** The opinions expressed are those of the author and do not necessarily reflect those of the ownership or management of Chadds Ford Live. We welcome opposing viewpoints. Readers may comment in the comments section or they may submit a Letter to the Editor to editor@chaddsfordlive.com

 

About Warren Cook

Warren is the President and co-founder of SymbianceHR and provides strategic oversight for service delivery, business operations, and technical guidance on consulting engagements. He is a human resources subject matter expert with over 25 years of experience as a strategic human resources business partner, project manager, and people leader across private and public sectors organizations. Warren is responsible for the strategic planning of all client consulting engagements from initial needs assessment and compliance review through delivery of customized strategic solutions that meet the client’s business goals. He has a proven track record of providing executive coaching and guidance to business leaders and human resource professionals at all levels including the C-Suite of Fortune 100 companies. Warren is also the Chief Talent Officer and cofounder of SymbianceHiRe, a Symbiance company dedicated to providing direct placement talent acquisition services and temporary and contract staffing solutions to the business community. Warren holds a B.S. in Human Resource Management, an MBA in Project Management, and a M.S. in Industrial and Organizational Psychology. Warren is the author of “Applicant Interview Preparation – Practical Coaching for Today.”
