What if someone tells you that the small fortune you invested in the latest cybersecurity solution may not be protecting you as expected? Yes, despite adopting the most sophisticated cybersecurity tool, a cyberattack is just one ‘human error’ away. Human errors in cybersecurity are one of the key factors triggering cybersecurity incidents and events.
The World Economic Forum finds that 95% of cybersecurity incidents occur due to human errors. Human error in cybersecurity breaches is an age-old problem. For years, it has consistently been identified as a major contributing factor to cybersecurity breaches. Here are the most common human errors that lead to cybersecurity breaches:
- Weak password security – Using simple and commonly used passwords, or sharing or storing them incorrectly, leads to weak password security and increases the probability of a breach.
- Use of unauthorised software – If employees install applications without the knowledge and approval of IT teams, it can lead to an attack and unauthorised access to the organisation’s IT infrastructure and applications.
- Neglecting software updates that contain important security patches is another major reason that may lead to a security breach.
- Opening email links or attachments without paying attention to small cues, such as incorrect spelling in the domain, can lead to the recipient, and indirectly the organisation, becoming a victim of phishing attacks.
- Ineffective data access management – A stringent administrator who adheres strictly to an organisation-wide access policy is critical. This will ensure security at all access points and prevent any imposters with malicious intent from gaining access to and control over the organisation’s data and systems.
- Improper management of sensitive data – If sensitive data has been sent over email, it can open doors for a cyberattack.
- Using public Wi-Fi without a VPN and plugging in insecure devices such as USB drives can also cause unauthorised access to data and entry into sensitive systems.
While human errors in cybersecurity cannot be controlled at all times, the set of 8 best practices listed below, which can prevent such errors altogether or at least keep them to very minimal levels, is highly recommended for organisations, irrespective of their size and scale:
1. Implement a ‘Zero Trust’ policy, i.e. verify and monitor every login.
2. Educate employees – conduct periodic cybersecurity training to create awareness.
3. Implement two-factor authentication or biometrics to strengthen password security.
4. Monitor your employees’ activity with Data Access Monitoring (DAM).
5. Perform regular software updates as they offer new and improved features along with security enhancements.
6. Limit sensitive data access with tools such as Privileged Access Management (PAM) and Privileged Identity Management (PIM).
7. Make use of system monitoring and surveillance techniques to identify indicators of possible cybersecurity incidents so that they can be contained.
8. Block USB devices upon connection to prevent users from accidentally infecting your system/network with malware.
Prevailing wisdom indicates that humans are the weakest link in cybersecurity. However, organisations need to understand why human errors happen and reduce the probability of such errors by using appropriate tools as well as by educating employees on the impact of their mistakes.
Although the risk of human errors in cybersecurity cannot be eliminated completely, the above-mentioned practices can help to reduce its impact to a great extent.
(This article is written by Neelesh Kripalani, CTO – Clover Infotech. The views expressed in this article are those of the author.)