Are Humans Your Biggest Security Risk?

In this day and age, dealing with cyber security threats is a normal part of business. Predictions are out that these threats are only going to increase each year as the man power, and the computer power, behind these attacks rises.

There are more and more services becoming available as this industry grows. Fibernet recently started offering Anti Phishing services, and we continue to grow our line of services to help prevent and manage cyber attacks.

But there is a fundamental issue at hand that has nothing to do with how up-to-date your system is, or if you have a back up, site monitoring, managed services, malware protection, or a firewall. (Which, for all of these, you should be nodding your head in a round of, “Yes, yes, yes.” If not please familiarize yourself with these resources that, these days, are a no-brainer to have!)

We are talking about the person sitting at a desk looking at a computer screen. The employee that, just like every other mammal, has to eat, sleep, enter their password to gain access to their email account, or to sign on to their computer. (This is always a struggle for the elephant!)

Utah Business held its first Cybersecurity and Digital Privacy roundtable recently, where a  group of 14 experts in the field lead a discussion on the issues at hand for businesses and cybersecurity. They found that one of the most common breaches was “when an individual computer is compromised, which can then lead to theft of that individual’s username and password for their email login. This can then translate into phishing emails being sent to their entire contact list – even sending Word document or .PDF attachments – and thus infecting any other contact…”  Usually the result is devastating, with losses in the 6 digits. Oftentimes this can result in large amounts of money being transferred – say, the CEO’s email gets hacked and then emails his assistant to transfer money to a certain offshore account. Unless there are pre-set steps in place for a situation like this the assistant may not double check that this is a legitimate request. Sayonara, hard-earned money!

Dean Sapp at Braintrace said that multi factor authentication is “[one] of the best controls, for the least amount of money.” If a client is calling him about a breach, usually they do not have multi factor authentication.  Matt Sorensen from Secuvant says that bad “cybersecurity hygiene” is to blame for so many companies lacking this feature. Having educated staff and the tools in place to guard against attacks is key.

Changing things up with how a company rolls is a sure-fire way to get resistance from your employees. But if your company is in it for the long-haul, you must have tools to guard against these attacks, and a staff that is aware of the threats.


Check out some of the resources available to you here.