What Can IT Providers Do To Help Combat The Human Component Of Data Security Vulnerabilities?

By Jim Richardson, President, ForeSight Computer Solutions, ASCII member since 2015

IT providers have a responsibility to do everything feasible to assure the success of their customers. Hard drives do fail and tornados do occur; however, with surprising frequency, more threats are occurring as a result of fellow human beings. Consider the following two scenarios:

1. A broker receives an urgent email concerning his client traveling in Europe and needing a money transfer. Knowing that his client travels extensively, the broker sees no cause for alarm and proceeds as instructed.
   Result: bogus email, loss of over $20,000.
    
2. A computer user clicks a link starting the process of malicious encrypting of the files on his computer and the other computers belonging to the business which employs him.
   Result: loss of $17,000 for ransom payment

Both of these situations are illustrative of the unfortunate threat of the human component to data security. The fact is, many security issues stem from the avoidable actions of people. Logically, there are two basic categories of human produced vulnerabilities: malicious and unwitting. In the first, the perpetrator has an intention to steal or to cause mayhem. In the second, the inadvertent offender is tricked or has simply made a mistake. In either case, the human component of data security vulnerabilities must not be overlooked.

Please log in or register below to read the full article.