Green Duck

Humans – the weakest link in cyber-security

By Emma Crawford

by Sam Rudd, aka ‘Secret Sam’

Last year's Bupa data breach leaked the personal details of 547,000 customers who signed up to their international health insurance plan. The culprit? A rogue employee.

This example shows that even large organisations can be affected by the actions of just one employee. And it’s not only disgruntled or rogue employees that company owners should be worried about, but all employees, at all levels, 365 days of the year!

Why?

Firstly, humans tend to be helpful by nature. Sadly, we live in a world where this good nature is regularly exploited by hackers in order to gain access to your systems and data. In the same way that you would teach a child to look both ways before crossing the street, your employees need to understand how to assess the risk of ‘helping’ someone outside of your organisation by giving them information or access that could effectively harm your business.

Secondly, people are preyed on by hackers for simply being human. Without even realising we’re doing it, we fall into regular habits that hackers can exploit to breach our organisation’s systems. If I asked you how many traffic lights there were on your journey into work, I’d imagine you couldn’t tell me. Likewise, when elements of our job become routine, we become less conscious of what we do and why we do it. This can be incredibly dangerous to businesses, as it is this lack of mindfulness that can lead to accidents.

What can you do?

Really knowing the employees in your team will enable you to recognise and analyse certain behaviours and their influences, to help improve your security.

Being aware of your employees’ behaviour and influences enables you to better manage their risk to your business. I’m not saying that you need to know every minute detail, all of the time, but the knowledge you do have will allow you to take actions to enhance your security defences.

Some of these actions include:
Staff training and risk culture - such as individualised training and gamification
Implementing regular phishing campaigns on your own employees
Regular staff risk assessments

If you would like to learn more about how we can help build layers of security for your business, please get in touch.