The Human Element
Your cyber security team must consider human error when security measures and policies are implemented. If it doesn’t, the widest possible potential for threat will be wide open. Did you know that approximately 95% of all security breaches are rooted in an internal error, be it intentional or unintentional?
There are a few reasons for this. Not all security breaches are intentional. In fact, most of them are not, and that will be the primary discussion in this writing.
How are your passwords stored? Employees aren’t keeping them on a file in their computer labeled “passwords,” are they? What are your passwords? Are they something easy to remember like “qwertyuiop,” or “1234567890,” or “God69,” or something like that? Or are they an encrypted bevy of characters and symbols which requires a brute-force program to compromise? You want the latter. You should at the very least have these aspects in your login passwords:
- Symbols Like “$” or “!”
- Eight Or More Characters
- Unconventional Configuration
So, an example of the proper format would be: “Password10!”, but that would be a bad password because it’s easy to crack through trial and error. There’s a list of the 25 most common passwords, and the truth is, if you just go down this list, you’ll be able to break into most systems. This is one way many businesses who have otherwise effective cyber security routinely hacked by cybercriminals.
The Internet Factor
But even if you’ve got the most secure password techniques, you must additionally train staff on proper internet usage protocols. They’re going to get emails from scammers trying to “phish” information. The better scammers will obtain login info from one method or another and sit on it until they can go “whaling.”
Whaling is a means by which administrative employees have their information hacked, and large sums are transferred, stolen, or otherwise disseminated in a means which compromises operations. It works like this: a hacker will send out an email throughout a given operational floor which usually contains iterations of known names. Bill Johnson and Steve Jacobs become Bill Jacobs or Steve Johnson, followed by “@yourorporationsemail.com.” Sometimes, hackers will even use the names of supervisors, but with a different ending address. So instead of supervisor [email protected], they’ll have [email protected]. This looks very similar and is hard to catch.
Contained in the email is a link which prompts the user to enter their login information. The hacker gets it, then combs through their emails on the sly until they can find login information for administrative personnel. They jump up the line, then use that administrative email to requisition funds from those near the top who have access to some real money. The “whale” of a hacking “haul.”
Notice that this is done completely within the bounds of conventional security. It doesn’t matter how good your anti-malware or anti-spyware or anti-virus software is if a hacker is clever enough to exploit simple human weakness.
Cyber security needs to be informed by agencies that understand the landscape, as well as the trends transitioning through it. The cyber landscape transitions with technological innovation. Common hacking ruses are routinely replaced by new ones as the old are found out. What you need is security solutions like ours at Idealstor. We understand the landscape and can help you safeguard your business in a perpetual way incorporating the human element into preventative measures. We at Idealstor offer top-tier solutions, and will assure you remain secure. Contact us for solutions against even the human element.