The Human Firewall: The Weakest Link of Them All

Organisations go to great lengths to protect themselves against online security threats, however an organisation’s cyber security is only as strong as its weakest link. Unfortunately, the weakest link is usually the human firewall and our inability to predict what staff are opening, downloading and sharing.

What is the human firewall?

When discussing Company Security in IT, we generally refer to the overall security of files and data within a company, and its ability, or inability, to be ‘hacked’ or infiltrated by external sources. However, whilst companies tend to invest significant money into anti-virus or Malware software, there is still significant weakness in the form of human touch points - the human firewall. Cyber-criminals now heavily commercialise cyber-attack opportunities, targeting humans’ naturally curious and naive nature to convince employees to open phishing emails, or malicious websites, ultimately gaining access into your organisation’s valuable information.

Human error has been found to be the single weakest link when it comes to cyber security, with the UK’s Information Commissioner’s Office finding that approximately 88% of data breaches in the UK over the past two years were a result of human error, as opposed to direct hacker attacks. These breaches were predominantly comprised of poor password practices (weak, lost, or identical passwords across various accounts), accessing non-work related websites on company technology, opening and forwarding of phishing emails, mis-delivery of emails containing sensitive information, and the use of Shadow IT - information technology systems which are not supported by the organisations IT department.

What is Shadow IT?

Shadow IT, also known as Stealth IT or Client IT, are IT systems created and used within organisations without the specific approval of said organisation’s IT department. Shadow IT can include hardware, software, web services, or cloud applications that employees use with company resources without IT authorisations, such as personal laptops, tablets, smartphones, USBs, spreadsheet macros, and applications such as Dropbox, Google Docs, Slack, Skype, Excel etc.

Shadow IT has grown exponentially over recent years with greater use of cloud-based applications and services, with a report from Skyhigh Networks stating that the average employee uses 16.8 cloud services, including 2.9 content sharing services, 2.8 collaboration services, 2.6 social media services, and 1.3 file sharing services.

While many companies welcome the use of Shadow IT as a way to increase productivity and streamline work-loads, it also exposes organisations to a far higher risk of security breaches, including uncontrolled data flows and compliance complications.

How to protect your organisation?

There are a number of ways your company is able to better protect itself from cyber security attacks, such as:

1. Building a strong security culture, or ‘human firewall’ within your organisation. The human firewall has three main components: employee education, minimising human error, and getting ahead of new threats. Focus on training employees to recognise phishing emails, unsafe websites, and creating effective passwords. Encourage employees to make decisions and fulfil their duties in alignment with the organisations’ security policies, ensuring cyber risks are minimised and security systems are able to protect your company to their maximum potential.
2. Conducting simulated phishing attacks, in order to pinpoint employees who may need extra help identifying malicious emails.
3. Encouraging staff to report security breaches. This could greatly diminish the length of time taken to detect a breach within a company. The Ponemon Institute annual Cost of Data Breach Independent Study 2018 found that the mean time for a company to identify a breach of security was 197 days, and also found that the length of time taken to detect a breach directly correlates with the overall total cost to repair said breach.
4. Take time to invest in anti-virus software to secure your organisation’s data and protect against Malware, viruses, phishing attacks, and other web threats. PIQNIC Security is a great option for all your online security needs.

PIQNIC Security

PIQNIC Security can minimise online risks to your organisation by offering a digital workplace platform which encompasses a wide range of services in one easy-to-use, secure platform. Simple and intuitive to implement and manage, your organisation will reap the benefits of a multi-dimensional system which allows you to manage tasks, share files, review documents, make decisions, and communicate with customers and partners, all without ever leaving the platform! Meanwhile, your information is secured using granular permissions and role-based security, with robust authentication and authorisation procedures, and full control over accessibility - ensuring compliance of individual data protection directives.

For more information on how to stop your information getting into the wrong hands and to organise your free trial, get in touch with us now at www.piqnic.com!