Email: info@fc-llc.org

Technical threats always start with a human. Take time to train the human element

by Posted on January 13, 2020

Take time to train the human element to mitigate technical security threats

The digital threat landscape is continuously changing and evolving. Information technology (IT) security professionals are continually mitigating threats just as quickly as malicious actors are creating them. However, there is one vulnerability that even the most sophisticated security software can not protect against, that vulnerability is humans.

Very rarely do computer systems function in a vacuum. Every physical or digital interaction a person has with a computer system is a potential vulnerability that can be exploited. More than half of businesses believe their biggest IT weakness is their employees.[1] Two of the biggest concerns are inappropriate sharing of data and company device loss. From small businesses to corporate enterprises, more than 40% of companies believe they are not protected from their employee’s dangerous IT practices. [2]

Even though employees are the largest threat to IT infrastructure and data, they rarely have malicious intent. Often, employees lack the appropriate training to identify external or internal IT threats. One of the most common types of attacks is a phishing attack. A phishing attack usually takes the form of a legitimate-looking email aimed at employees. These emails typically look like they come from other employees inside the company, and they typically ask for usernames, passwords, or for users to download something. The moment that login details are shared, or a file is downloaded, the company network can be compromised. 

Even tech-savvy companies are vulnerable to this type of attack. In 2019, a Lithuanian hacker made off with more than $100 million from Facebook and Google.[3] Phishing attacks are just one of the myriad of IT threats that proper training can mitigate.

The best way to mitigate the threat of the human element is through security training. However, not all security training is created equal. Freedom Consulting takes a unique approach to security training that ensures it is customized and tailored towards the type of risks and vulnerability a company has. The training we provide is dynamic. Types of attacks are always changing, and what worked last year might not work today. Our training evolves to reflect the current and emerging threat landscapes. An organization with ten members will have different needs than a business with 1000. We will work closely with you to create training that fits your organization. 

Finally, the training needs to be realistic and memorable. It is easy to forget security practices when only seen once. Training repetition creates reinforcement, leading to a culture of constant vigilance. Without employee security training, your organization is digitally defenseless.

Whether your organization is looking for security training or just some pointers to get you pointed in the right direction, Freedom Consulting, LLC, can help. For more info or to schedule a consultation, please visit this link or email us at info@freedomconsultingservices.org.

 

 

[1] https://www.kaspersky.com/blog/the-human-factor-in-it-security/

[2] https://www.kaspersky.com/blog/the-human-factor-in-it-security/

[3] https://www.thesslstore.com/blog/the-dirty-dozen-the-12-most-costly-phishing-attack-examples/

Published by RW-Freedom