When people think about information security, they usually think about the systems, software, and hardware that are working behind the scene to protect an organization’s data. There is one part of security that is usually overlooked though and that is people. Humans are the greatest access point to business-critical data and will always be the main target for threat actors.
Many employees are unaware of the threats that are out there today. Others will ignore security procedures to be conscious of time and productivity. IT security professionals are in short supply these days and unless organizations invest in the human element of cyber security, the human firewall if you will, threat actors will continue to exploit the weaknesses of humans.
The threat landscape is continuously evolving as well as becoming more complex and sophisticated. Data records are lost or stolen at a rapid pace: 4,542,204 records every day to be exact. To break that down farther, that is 189,258 records per hour, 3,154 records per minute and 53 records per second. The stats are scary and there needs to be a concrete action plan in pace to combat this ever-changing landscape.
Because the humans at a company are a much more common target than the system itself, sensitive information is only as secure as the least secure human who has access to it. In 2016, 49% of breaches were web-based attacks and 43% were phishing/social engineering attacks. The root cause of 48% of these attacks was a negligent employee or contractor. Small and medium sized businesses are struggling with security and the protection of data. There needs to be a culture built in the workplace around security awareness and a strong action plan in place.
Human Firewall: Action Plan
There are steps that can be taken that can contribute to building a strong human firewall. Things such as having regular employee training to identify certain types of attacks could very likely save an employee from becoming the next victim of a huge cyber incident.
Another important step is to evaluate who has access to what data. It is important to block outdated access points so former employees can’t access information which is no longer relevant to them. Restrict end-user access to data so active employees only have access to the data that pertains to their job functions. Improper data access levels can be a huge vulnerability to the company and the company’s mission critical information.
It is also a good practice to train employees to separate their work and personal lives. Countless of hacks have stemmed from company employees using their work machines and email for personal endeavors. There are so many sites that are full of malware that could potentially harm your network. Linked hacks, such as using a work email for a third part site account, could create a huge vulnerability and a back door into your company’s information.
The final step in your action plan should be talking to a service provider about building and managing a full cybersecurity plan. A service provider is there to aid organizations with the security and protection of their data and IT systems. They have a 24/7/365 staff that is monitoring, alerting, and taking action on the health and productivity of your workstations, servers, and databases. Their certified engineers can implement and manage anything from anti-virus, security monitoring, IPS/IDS, data backups and disaster recovery and much more! They can help create strict security procedures and implement policies to establish a stronger and more concrete human firewall.
Threat actors will always take advantage of the fact that people are the gateway to cybersecurity incidents. Human error will always be present in the workplace and there’s no way around it. The only way to combat the evolving threat landscape is to strengthen the human firewall and the services placed around the systems to protect that. Contact us today and speak with a security expert on your organization’s security posture.
It’s time to finally say, Happy Holidays! While the holiday season is for spending time with your family, eating way too much, and spreading the holiday cheer, it also signifies that the year is coming to an end. And, we’ve all heard the cliché saying, new year new me, right? Well, as you might have … Continue reading “New Connections: An Introduction to Magna5”
In the recent Solarwinds MSP Cyber Preparedness Survey, Solarwinds surveyed 400 Small- to Medium-Sized Enterprises. This survey investigated the cyber security preparedness, experiences and failings of these organizations to better understand what we can be doing to better protect critical information. The headlines of all the attacks this year are enough to scare people to … Continue reading “7 Pitfalls That Are Hindering Your Cyber Security”
FOR IMMEDIATE RELEASE Contact: Anne Clarrissimeaux Communications Manager Magna5 firstname.lastname@example.org 214-552-0910 MAGNA5 ACQUIRES NETSERVE365 Fourth acquisition in 18 months strengthens PaaS, IaaS, UCaaS services portfolio with addition of award-winning network and server monitoring and management, cloud hosting and managed IT security services Pittsburgh (November 16, 2017) – Magna5, a portfolio company of NewSpring … Continue reading “Magna5 Acquires NetServe365”