The Human Factor

Cyber security isn’t all zeros and ones. In fact, the greatest threat to cyber security may be sitting under the mousepad at the reception desk. Or in an unlocked office. Or in your company’s training manuals.

The human factor is the generally the weak link in any cyber security system. Humans simply don’t have the kind of built-in encryption system necessary to keep out intruders. Humans can be trusting and lazy. And those are the exact behaviors a good hacker will leverage to gain access to your systems.

Keep in mind, it only takes a tiny crack in the security system for a hacker to get into your system. And with all the focus on overseas hackers, your data is still unsecure from physical intrusion. Passwords taped to the computer screen are the easiest way for someone to gain access to your internal software. No one will notice a “maintenance man” checking the lights in an office. Once hackers are working from the inside, it’s easier to maneuver around the limited, internal security measures.

Email remains one of the easiest ways to gain remote access to a system. And because we access email through multiple platforms, hackers can easily dupe unsuspecting users. If you only use one device to review your email (for example, through Google on your desktop), then you are very familiar with the way your email messages look. But email messages look slightly different depending on the device (phone, tablet, laptop, tv, etc), so you have less of a filter. Strange-looking emails don’t stand out. So when a hacker creates an email to appear as if it’s coming from a friend, you’re more likely to open, read, and download.

Finally, if you are a manager or executive, you are sensitive to data security. Your front desk receptionist is not. The receptionist is worried about opening paper mail, answering phone, and keeping guests comfortable. A sly email from a hacker could easily be opened in the haze of busy day.

If you house sensitive data of any kind, you are going to be the target of a hack. The best cyber security expert can’t account for all human activity. Consider a company-wide training on a quarterly basis to ensure everyone in your company is aware of new and emerging issues.