Exploring Human Errors in Cybersecurity

Category

Awareness, Cybersecurity Fundamentals, Physical Security


You may have thought that hackers wore black suits and rappelled off the roof to hack a company, but that only exists in Hollywood. In real life, human error remains one of the leading causes of cybersecurity breaches.

Making errors is an inevitable aspect of being human. It is important that we learn from those errors and develop processes to prevent future mistakes. In the world of cybersecurity, we use a similar approach. Most of the time, human errors occur due to a lack of understanding about adequate privacy and cybersecurity measures. Therefore, let’s take a look at some categories in which human errors occur in the world of IT and cybersecurity and what you can do to prevent those mistakes.

Poor Identity and Access Management

Unauthorized access is one of the biggest threats to any organization. An unauthorized person accessing sensitive information or systems within an organization could have detrimental consequences for the company and its customers or clients. Such an incident would be considered a "data breach," and it is a potential consequence of poor access control management. Giving excessive privileges could increase the risk of a data breach; therefore, we must always be vigilant and limit who has access to sensitive information. It is also essential to evaluate inactive accounts and terminate access on a regular basis.
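One way to run the periodic review described above, as an added example that is not part of the original post. The account inventory, the role baselines and the 90-day inactivity threshold are constructed assumptions; a real review would pull them from your directory or identity provider.

```python
from datetime import date

# Constructed sample inventory (not real data): role, granted entitlements, last login.
ACCOUNTS = [
    {"user": "asmith", "role": "helpdesk",
     "grants": {"ticketing", "password_reset"}, "last_login": date(2024, 5, 28)},
    {"user": "bjones", "role": "helpdesk",
     "grants": {"ticketing", "payroll_db"}, "last_login": date(2024, 5, 30)},
    {"user": "cwu", "role": "finance",
     "grants": {"payroll_db", "ledger"}, "last_login": date(2023, 11, 2)},
    {"user": "svc_backup", "role": "service",
     "grants": {"backup_agent"}, "last_login": None},
]

# Assumed baselines: the entitlements each role needs to do its job.
ROLE_BASELINE = {
    "helpdesk": {"ticketing", "password_reset"},
    "finance": {"payroll_db", "ledger"},
    "service": {"backup_agent"},
}


def review_access(accounts, baseline, today, max_idle_days=90):
    """Return (user, finding) tuples for accounts that need action."""
    findings = []
    for acct in accounts:
        # A role with no baseline is allowed nothing, so every grant is flagged.
        allowed = baseline.get(acct["role"], set())
        excess = sorted(acct["grants"] - allowed)
        if excess:
            findings.append((acct["user"], "excess privileges: " + ", ".join(excess)))
        last = acct["last_login"]
        if last is None:
            findings.append((acct["user"], "never logged in: confirm owner or disable"))
        elif (today - last).days > max_idle_days:
            idle = (today - last).days
            findings.append((acct["user"], f"inactive {idle} days: disable"))
    return findings


if __name__ == "__main__":
    for user, finding in review_access(ACCOUNTS, ROLE_BASELINE, date(2024, 6, 1)):
        print(f"{user}: {finding}")
```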

Weak Passwords

Many people give little thought to their password choices. Recent data breaches have shown that people are highly likely to use the same password across multiple online accounts. Passwords serve as a safeguard to prevent hackers from exploiting our sensitive data, so it's important to refrain from using the same password for more than one account. Since we tend not to remember many different passwords, we set up something like "123456" or "Password1234" or worse! Some people use their date of birth or hometown as their password - which is the simplest to remember but also the easiest for a hacker to crack. Therefore, you must remember to set up more sophisticated passwords with unique combinations of letters (upper-case & lower-case), numbers and symbols, or even long passphrases instead of simple passwords.

To further increase protection against cyber attacks, organizations and individual users should consider multi-factor authentication (MFA), password management tools, and updating passwords regularly to help add layers of security beyond just a username and password combination. This will reduce the risk of exposing sensitive information due to weak passwords. And last but not least, make sure to check out our popular Password Table to see if your password is in the green!

Physical Security Breaches

Some of our actions can allow an unauthorized person to access your organization’s facility or office. For example, tailgating occurs when an unauthorized person closely follows an authorized person to gain access to a restricted area. Consequently, a malicious person can break into an organization’s office and install malicious software to gain control of the IT network - circumventing all of the cybersecurity protections put in place. Preventing unauthorized access to facilities requires a joint effort from your workplace and individual employees. It requires proper regulations and procedures such as installing door card readers and surveillance devices, mandating visitor policies, and educating employees on the risks of tailgating and on identifying suspicious behavior.

Are you interested in hearing more about what’s going on in the cybersecurity world? Make sure to check out our other Approachable Cyber Threats (ACT) posts and subscribe to our ACT Digest to receive updates on the latest cybersecurity threats – straight to your inbox!

 
