April 30, 2014, updated 22 Sep 2016 11:22am

5 ways to tackle the insider threat of human error

How to protect against social engineering hackers.

By Joe Curtis

No matter how many security policies and procedures you adopt, human error is the one issue you can never fully protect your company from.

Hackers love social engineering, luring employees to click on a tantalising link that lets cyber criminals dump a load of malware on your network. At other times, hey – people are just stupid. They leave their tablets on the train, they drop their phone in the pub, with company emails about the latest strategy on it.

At a roundtable earlier this month, CBR heard from Dell, managed IT firm Colt and migration specialist Intragen on ways to protect against the insider threat.

In a Dell-sponsored survey, 26% of UK respondents said user error was the root cause of a breach in the last 12 months.

Losing critical business data was a worry for 54% of respondents, while 35% feared the danger of data leaving the corporate network via a neglectful employee’s mobile device.

Director of Dell Software for north Europe, Chris Miller, said: "This is quite concerning. Employees are a top three business security concern."

But how can you protect against human error? Well, here are five ways to do it.


Break down security silos

It’s important to have one solution that encompasses everything, or at least solutions that can be integrated so you have one view of your network security, rather than many.

Miller says: "We tend to think about connected security. It’s a way of bringing together lots of different areas. So at the firewall level, security around policies and provisioning; we want to bring them together in a connected way rather than having a huge framework of solutions."

Contain it!

Literally. Use containerisation technology for anyone using mobile devices to ensure that their corporate data and personal data are kept separate. This way, if their device is lost or stolen or the employee leaves the company, you can remotely wipe the device of any business information.

Get your user policies and solutions into shape – and keep them that way

It’s important to have clear and sensible user policies around BYOD, so staff know exactly what they can and can’t do on their personal devices.

The same goes for any identity and access management solutions, but you can’t just do it once: it’s important to ensure you keep IT resources available to manage those solutions – to make sure any problems or risks are identified and dealt with quickly and the solution is kept up to date.

Will Markham, security practice lead at Colt, says: "If you don’t get it right at the start then the whole thing just falls apart. If someone hasn’t configured your files correctly or is not monitoring the alerts in that environment then it starts to fall to bits.

"Where it falls down is when the people that do the projects in a company disappear and then the people who manage the solution, over time, when a patch hasn’t happened or a password hasn’t been changed, [let it] all go to pot."

Be careful what budgets are cut

Markham warns that when something is working well, the business can decide to cut down the team behind it.

"That’s what normally happens with budget cuts. People say it’s a running cost and we don’t need that person. Where once you had a whole team suddenly you’re down to two," he explains.

He adds that funding being cut can severely affect a network, leading to dangerous gaps in security appearing as firewalls run out of support without anyone being there to notice. It also means there’s less money available to spend on the latest tools and products you need to minimise user error.

Keep it simple

Whatever policies you introduce, and however you want to break down security silos, remember to keep it simple, says Ian Yoxall, director at migration specialist Intragen.

"When it’s simple everybody’s happy. When it’s complex you get some organisational resistance to change, and that’s the thing on security," he tells us. "It’s not about the zeros and the ones, it’s about the way people behave."

 
