layer 1 layer 2 layer 3 layer 4 layer 5 abstract shapes

Why Humans Are Still The Weakest Link In IT Security

Posted on May 5th 2017

Another week, another data leak threatening businesses. This time, Mexican fast food eatery Chipotle were the ones under the spotlight for “unauthorised activity” on their payment processing system. Although not much is known about the breach at this point, Chipotle has assured customers that they will be in touch in due course if there is cause for concern.

The risk of hacks is one that plagues any large company, and while IT security companies encourage companies to always stay one step ahead of the latest scam, the threat never seems to subside. In reality, the biggest threat to a company’s security comes from inside their own ranks. We’re not suggesting that all of your employees are trying to leak sensitive data, rather than human error is more likely to blame for your security breach.

While companies can do everything possible to keep on top of the latest security threats, more should be done to train staff to identify potentially problematic scenarios. Humans are all too often the weakest link in the security chain, opening attachments containing malware, or accessing sensitive information over an unsecured public network, for example.

One of the fundamentals of successful IT security systems is that it is user-friendly. Unfortunately, users can more often than not accidentally or intentionally circumvent the very systems put in place to protect them. When the simple act of opening an email attachment can lead to a £150,000 fine for stolen customer files, it’s not difficult to imagine how anyone within a company could be at risk, whether they are trained in IT security or not.

The advent of the mobile worker has only compounded this problem further. While companies could once treat their physical office like a fortress and protect all of the computers on their internal network, we’re now seeing more workers taking their tech outside the four walls of their workplace.

In an always-on, always-connected world, it’s easy to forget that accessing your work email from your phone in a coffee shop could allow sensitive data to get into the hands of the wrong people. In 2012, an unencrypted laptop containing the personal data of at least 10,000 employees and contractors was stolen from a car. And the victim of this theft was none other than NASA, which might offer some relief to any worker who has accidentally infected their workstation with ransomware.

Hackers are always working tirelessly to gain access to sensitive information such as credit card information or personally identifiable information (PII). While criminals might not always manage to do much damage with the information they obtain, the news of a security breach is often enough to do damage to the company that suffered the hack. It’s a PR manager’s nightmare to have to draft a statement apologising to customers for accidentally handing over sensitive information to those with nefarious intentions.

In order to mitigate the risks of human error, companies should regularly review their security provisions. Attention should be paid to any mobile devices that are used by employees, and companies should also consider secure cloud storage solutions to prevent sensitive information from being stored directly on a mobile device.

If you’d like to discuss your company’s cloud computing requirements, get in touch with our friendly team today!