Mitigating The Weakest Link In Cybersecurity: Human Users

It’s such a well-used turn of phrase that it’s practically a cliché in cybersecurity circles: the weakest link in any organization’s digital security measures is always human users. Companies spend a great deal of money and effort on technology to protect their networks from breaches and attacks that could expose their customers’ data or provide access to their own financial accounts. When it comes to cybercrime, information is the prize, and exploiting human error is often the most successful way to get it.

Businesses are especially vulnerable to phishing and spearphishing attacks, which usually succeed because employees are too busy to pay close attention and are not careful enough about sharing information, opening files, or clicking links. A phishing attack is fairly transparent – the most famous example is the Nigerian prince scam – but cybercriminals have become more sophisticated in how they employ them. Often, they begin by intercepting a business’s emails to learn who its important clients or vendors are, and then impersonate one of those clients or vendors when asking an employee for sensitive data. A spearphishing attack requires less personal finesse; all an employee has to do is click the wrong link or open the wrong attachment and the network will be infected by malware designed to capture valuable data.

Cybercriminals target humans because they are the weak points in any business’s security system; to shore up your defenses, you have to train employees to identify suspicious attempts to gain access to data. Assess how employees answer emails and how much attention they pay to identifiers like email addresses and signatures – imposters often use corporate logos to create a false sense of security in emails. Some have even begun posing as executives or accounting staff in companies to trick employees into exposing the network to malware.

Dedicated Time to Answer Emails

One way to help defend your business against email-based cybercrime is to improve email habits; emails are often written quickly, without much attention paid to verifying the identity of the recipient. Encouraging employees to set aside dedicated time in their day to answer emails, rather than answering them concurrently with other tasks, encourages people to take more time to apply their security training.

PGP Encryption Plans for Businesses

Besides training, there are also better security technologies that can help your company defend itself against imposters and phishing attacks, such as PGP encryption. PGP encryption has become a more popular way to communicate with business partners and vendors thanks to companies like Myntex that provide the service in an easy-to-use format. Using PGP encrypted BlackBerry devices, you can verify the identity of the people you or your employees are communicating with. Myntex provides PGP encryption on BlackBerry SIM cards, encrypting all of your emails so that the information contained within, as well as attached files, cannot be spied on by cybercriminals. That prevents cybercriminals from gaining access to sensitive data carelessly emailed by an employee. For more information on how BlackBerry PGP encryption devices work, visit Myntex.com, where you can also find out about business plans, or how to become a PGP encryption reseller. It’s within your organization’s power to put a stop to human error exposing your business to cybercrime; you just need the right combination of training and technology.

Source: https://www.ibm.com/developerworks/community/blogs/1fe46177-c134-456a-9343-da93b716e20a/entry/Mitigating_The_Weakest_Link_In_Cybersecurity_Human_Users?lang=en