HR Jetpack

The Human Element

This video is premium content

Register or sign in to gain access.

Lesson:

The Human Element

Lesson Content

A solid cybersecurity approach is a combination of the proper technical systems and tools in the hands of trained staff. Businesses often invest heavily in firewalls, virus protection, or other technology while taking the human component for granted. The security of anything is only as strong as the weakest layer, and for most organizations that is some form of human error.

Your workforce, through: neglect, incompetence, or malice, represent the biggest threat to any organization. A business could spend millions on complex software, but if the manager in charge uses a weak password or pin, like “1234”, then the entire system is worthless. Attackers are looking for the easiest way in, and usually that approach is found through weak passwords or lazy implementation of security features on an individual level.

The organization is ultimately responsible and liable for the actions of their employees, and those who do not adequately train and prepare their staff should expect to have problems. Many of the most common forms of data loss or breaches come from avoidable errors involving employees with poor account security, or who fall victim to social engineering attacks where they’re tricked into giving over confidential information.

It may be less common than accidents and honest mistakes, however malicious actions taken by employees represent a huge threat to businesses. Disgruntled employees of one kind or another often look to tamper with company systems including theft or deletion of important files. It is also worth noting that many of the cyber-incidents which have made international news in recent years, were inside jobs where employees stole data from their organization and then leaked it.

Edward Snowden is perhaps the most well-known whistle blower of modern times, and the leaks he is responsible for came from abusing his security clearance to copy files, remove them from government facilities, and then give them to journalists. He wasn’t the mysterious, anonymous hacker that the news media likes to make us afraid of. He was the ordinary guy who made a choice which was very costly to his employer and the organization he was contracting on behalf of, which was the U.S Government’s intelligence community.

These days, it is easy to get carried away worrying about external threats, but it is critical that cybersecurity is done with an inside-out approach. You must start by considering how your employees work and function and then provide training and systems to support them. Best practices must be followed by every employee at every level of the organization.

Michael Wilson

Instructor:

Michael Wilson

Michael Wilson works with small businesses to build and protect their brands online. He is an IT Generalist whose primary services include: Web Design & Development, Cybersecurity Consulting & Training,...

Michael's Full Bio