Why the Human Factor is Still the Most Important Part of IT Security

The human factor weakness

Regardless of the number of tools, software, and processes you implement, cybersecurity has one major weakness  – the human factor. Per Gartner, recent industry research shows that “22% of all breaches involved phishing, attackers leveraging stolen credentials accounted for 37% of all breaches, human error accounted for 22% of all breaches, and 30% of all breaches involved insiders”. Continuous monitoring and improvement are the keys to ensuring your human factor is no longer the most significant challenge for an effective threat prevention strategy.  

Tips to reduce the human factor

 Below are some tips to change your weakest link into your most robust in the cybersecurity fight.   

Keep IT simple

The more complex you make IT security for your end-user, the more they will find workarounds. By now, most organizations have implemented a password protocol requiring 10+ characters with a combination of letters, symbols, and numbers. The longer and more complex the password, the more likely the employee writes it down or reuses a password from another system. Think about how you can make it easier. Deploying multi-factor authentication (MFA) or two-factor authentication (2FA) may enable your organization to simplify the password requirements and add a layer of security.  

Trust no-one

We are ‘like’ family – many organizations get caught up in the employee ‘loves’ us and would never do anything to harm the company. Due to financial stress, a change in politics, or unforeseen circumstances, even the ‘best’ employee can be tempted to divulge company secrets or allow a ‘hacker’ to gain access. You can reduce exposure by implementing a zero-trust policy, where you trust no one and limit all users to minimal access – only enough to perform their jobs. Another option is to employ a privileged access management (PAM) tool to restrict access to sensitive accounts. Finally, make sure your organization has auto-monitoring to alert you if your system is attacked from the inside. The sooner you find out about the attack, the more you can control the damage.

It’s All About Education

Security awareness training should be more than a yearly task that employees need to complete. It should be ingrained into their everyday routines. Think about increasing or changing the training. Although computerized classes have become the norm, your employees may just be “clicking through” to get to the end. A few in-person sessions with small groups to talk about the latest threats and reinforce how important they are as the frontline defense will make more of an impact. In addition, include testing as part of your overall IT security awareness education. Periodically send out “fake” emails to judge if employees apply what they learn. Finally, ensure your employees know who to contact in case of a ransomware attack, know the protocols to follow, and aren’t afraid of reporting an incident. Don’t assume they know what to do.

How to improve your Human Factor

Making your organization cybersecurity ‘human proof’ starts with understanding where you are today. Dewpoint can help by evaluating your current organization and making recommendations to improve your overall security posture. As a technology company, we understand the software and tools that may help take the “human factor” out of the equation. Furthermore, we are partners with cybersecurity leaders in training and also provide individual training sessions. Contact us today.