Malicious and criminal attacks account for about half of all cybercrimes. Of that half, a big chunk results from human error: people clicking on phishing emails, opening Wi-Fi connections in sketchy situations, or plugging in strange USB drives that expose the whole organization to threats.
The challenge is to do everything to ensure the human error factor is as low as possible, says Todd Thibodeaux, CEO of CompTIA. He shared his top five reasons why human error leads to security incidents:
1. Increased use of social media
There’s a huge increase in the number of social media channels coming in. Whether through apps installed or different links people send from Twitter, Instagram, Facebook or others, this has given hackers an exponential increase in platforms they can use to impact you.
2. Failure to understand new threats
It’s hard to keep up with the scope and scale of cyber threats and understand them. In the United States, it’s only been legal for a few years for companies to share threat information with each other. Before that, information sharing was looked upon as an anti-trust violation. Now, businesses are better able to understand the day-to-day threats they’re facing. But it’s still not as good as it could be.
3. General negligence/carelessness with sites and apps
You must have general protections turned on or some kind of antivirus software installed to help you behind the scenes. Google Chrome, for example, has some great site tools built into it that keep track of sites that are dangerous. But if you have some of those features turned off to make your browsing faster and easier, you’re really putting yourself at risk.
4. Lack of security expertise with sites and apps
Carelessness about where you’re browsing, what you’re doing and where you’re using credit or debit cards online can put you at tremendous risk.
5. Failure of IT staff to follow security procedures and policies
The classic example of this was the Target situation a few years ago. The hacker was able to get into the company’s payment processing system because the IT staff had not purged old accounts. An account set up for a consultant was never purged from the system after his work was finished. The hacker found the username and password and was able to get in and cause all kinds of problems.