8 Common ‘Human Errors’ in cybersecurity and preventive measures, CIO News, ET CIO
What if someone tells you that the small fortune you invested in the latest cybersecurity solution may not be protecting you as expected? Yes, despite adopting the most sophisticated cybersecurity tool, a cyberattack is just one “human error” away.
Human error is an old problem in cybersecurity. For years, it has been consistently identified as an important factor contributing to cybersecurity breaches. These are the most common human errors that cause cybersecurity breaches:
· Weak password security – Using simple, commonly used passwords, or sharing or storing them incorrectly, weakens password security and increases the likelihood of a breach.
· Use of unauthorized software – If employees install applications without the knowledge and approval of IT, it can lead to attacks and unauthorized access to the organization’s IT infrastructure and applications.
· Neglecting software updates – Skipping updates that contain important security patches is another important reason that can lead to a security breach.
· Opening email links or attachments – Doing so without paying attention to small clues, such as incorrect domain spelling, can cause the recipient, and indirectly the organization, to fall victim to phishing attacks.
· Inefficient management of data access – An administrator who strictly adheres to an organization-wide access policy is critical. This will ensure security at all access points and prevent malicious imposters from gaining access to and control over the organization’s data and systems.
· Improper management of sensitive data – If sensitive data has been emailed, it can open doors for a cyberattack.
· Use of public Wi-Fi without a VPN and connecting insecure devices – Using public Wi-Fi without a VPN, or connecting insecure devices such as USB drives, can also lead to unauthorized access to data and to sensitive systems.
Although human error cannot be controlled at all times, organizations are strongly advised to adopt the set of 8 good practices listed below, which can prevent these errors or keep them to a minimum, regardless of the organization’s size and scale:
1. Implement a “zero trust” policy, that is, verify and monitor each session.
2. Educate employees – Carry out regular cybersecurity training to create awareness.
3. Implement two-factor or biometric authentication to enhance password security.
4. Monitor the activity of your employees with data access monitoring (DAM).
5. Perform periodic software updates, as they offer new and improved features along with security enhancements.
6. Limit access to sensitive data with tools such as Privileged Access Management (PAM) and Privileged Identity Management (PIM).
7. Make use of system monitoring and surveillance techniques to identify indicators of possible cybersecurity incidents in order to contain them.
8. Lock USB devices after connecting to prevent users from accidentally infecting your system or network with malware.
Prevailing wisdom holds that humans are the weakest link in cybersecurity. However, organizations need to understand why human errors occur and reduce the likelihood of such errors by using appropriate tools, as well as by educating employees about the impact of their errors. While the risk of human error cannot be completely eliminated, the practices mentioned above can help reduce its impact to a great extent.
The author is CTO, Clover Infotech.