Cybersecurity: Humans weakest link in the chain

Following good practices can check human errors that lead to breaches or minimise them.

Cybersecurity: Humans weakest link in the chain
Using simple and common passwords, sharing them or storing them incorrectly leads to weak password security and enhances the probability of a breach.

By Neelesh Kripalani

What if someone tells you that the small fortune you invested in the latest cybersecurity solution may not be protecting you as expected? Yes, despite the most sophisticated cybersecurity tool being adopted, a cyber-attack is just one ‘human error’ away. The World Economic Forum has found that 95% of cybersecurity incidents occur due to human error (source – Global Risks Report).

Human error leading to cybersecurity breaches is an old problem. For years, it has been identified as a major factor in cybersecurity breaches. Here are the most common human errors that lead to cybersecurity breaches:

Also Read | Govt withdraws Data Protection Bill from Lok Sabha

Weak password security: Using simple and common passwords, sharing them or storing them incorrectly leads to weak password security and enhances the probability of a breach.

Also Read | Cybersecurity: Companies seek more bang for their buck

Use of unauthorised software: If employees install applications without the knowledge and approval of IT teams, it can lead to an attack and unauthorised access to the organisation’s IT infrastructure and applications. Neglecting software updates that contain important security patches is another major reason for security breaches. Opening email links or attachments without paying attention to small cues such as incorrect spelling in the domain, can lead to the recipient and, indirectly, the company becoming a victim of a phishing attack.

Ineffective data access management: A stringent administrator who adheres strictly to an organisation wide access policy is very important. This will ensure security at all access points and stop imposters with malicious intent to gain access and control over the organisation’s data and systems.

Improper management of sensitive data: If sensitive data has been sent over email, it can lead to a cyberattack. Using public Wi-Fi without using a VPN and plugging insecure devices such as USB drives can also cause unauthorised access to data and entry into sensitive systems.

While human error cannot be checked at all times, here’s a set of eight best practices that can prevent such errors altogether or keep them at minimal levels:

Implement ‘Zero Trust’ policy, i.e. verify and monitor every login.
— Educate employees – Conduct periodic cybersecurity training to create awareness.
— Implement two-factor authentication or biometric to strengthen password security.
— Monitor your employees’ activity with data access monitoring (DAM).
— Ensure regular software updates as they offer new and improved features and security enhancements.
— Limit sensitive data access with tools such as privileged access management (PAM) and privileged identity management (PIM).
— Make use of system monitoring and surveillance tools to identify possible cybersecurity incidents, so that they can be contained.
— Block USB devices upon connection to stop users from accidentally infecting system/network with malware.

Prevailing wisdom indicates that humans are the weakest link in cybersecurity. However, organisations need to understand why human errors happen and reduce the probability of such errors by using appropriate tools as well as by educating employees. Although the risk of human error cannot be eliminated completely, following the aforementioned practices can help reduce their impact to a great extent.

The writer is CTO, Clover Infotech.

Get live Share Market updates and latest India News and business news on Financial Express. Download Financial Express App for latest business news.

Photos