
Factoring the Human Element into our IT Security Equation

Keeping your IT system safe is more than just getting the right security software – it also entails training your employees to become more responsible users and making them more aware of how to avoid becoming unwitting accomplices in letting malware into your system.

One of the things many people fail to realize is that securing business data from malware and other sorts of cyber-attacks doesn’t stop with implementing the right security software. These days, cyber-criminals also use all sorts of tricks to bait unsuspecting employees into being catalysts for malware entering your system. Reports cite that as much as 60 percent of cyber and malware attacks on businesses are done through social engineering, meaning that instead of attacking your system directly, hackers use ploys delivered through email and social networks to get people in your organization to unwittingly introduce malware into your IT infrastructure.

This is why it’s equally important to put emphasis on training your employees to recognize common cyber-attack strategies such as phishing, and to use proper virus scanning software so that any external or thumb drives they plug into their computers are malware-free. Remember, it only takes one mistake from a gullible employee to open the gates of your system to keyloggers and other sorts of malware and viruses.

Keeping your company’s IT system safe is an investment. Getting the right security protocols and then training your employees to not only use and respect these protocols but also be more aware of security risks goes a long way in keeping your data safe and your operations stable.

Protect your Company from Social Engineering Attacks

Threats to the security of your organization come not only from malware, hacks, and network attacks, but also in more subtle ways. One such method is called “social engineering”.

Be aware that hackers have another tool in their toolset that employs a particularly subtle, insidious way of compromising the security of your systems and network. Called social engineering, it’s the use of psychological tricks to deceive targets into revealing potentially compromising information about the systems in their organization. In practice, it can be as simple as a hacker calling an employee and asking subtle questions to gain information, or posing as someone trusted, perhaps as building maintenance, walking in the doors of an organization to directly gain access to systems—or even searching through the trash and refuse left behind by employees. The popularity of social networking has also increased the danger, given the ease and convenience of creating connections to potentially trusting members of your organization.

However, there are some actions you can take to protect your business:

• Create a policy outlining the proper handling and sharing of information online as well as offline.
• Put systems and procedures in place to protect your systems if sensitive information does get out—such as the regular replacement of passwords.
• Educate your employees about the threat. You cannot solve a problem if your people do not know that a problem exists in the first place. Awareness can be your best defense.