Cyber security is an ongoing battle with which all IT decision makers are intimately acquainted. In this security arms race, more advanced and sophisticated tools are constantly needed to meet increasingly insidious attacks.
But no matter how clever the technologies you employ to defend your endpoints and root out malware, there is one vulnerability that particularly vexes businesses: human error in cyber security. Egress’s Insider Data Breach Survey 2021 found that 84% of IT leaders who had experienced a data breach named human error as the top cause of those breaches. Our natural tendency to take shortcuts for the sake of convenience and to neglect arduous best practice can allow bad actors to get around the best defences.
Fortunately, there are tools and techniques to educate and support your employees in making choices that best protect your business.
Human error strikes across the business, and even IT and security professionals are not immune.
It may be convenient to neglect crossing the i’s and dotting the t’s when it comes to tedious security duties – especially with a growing pile of tickets that need responding to – but this can lead to serious consequences.
Ensuring that patches are up to date and systems and hardware are configured properly may not be the most glamorous of tasks – and might be easy to put off until later – but failure to do so can have serious consequences. The WannaCry ransomware attack in May 2017 affected hundreds of thousands of targets, leading to serious financial and operational damage across the globe. But Microsoft had released a patch to address this vulnerability three months prior to the attack, which just goes to show how many organisations let these simple but tedious tasks slip – and the dire consequences that can result.
When disasters do occur, backups are essential for disaster recovery – if they are properly configured and tested. However, the Veeam Data Protection Report 2021 found that 58% of backups fail, leaving data unprotected. Again, this is an area where taking shortcuts can have serious consequences in the long run.
Outside of the IT department, cutting corners can lead to breaches at any level of the business. While passwords remain the primary method of controlling access to our systems and protecting them against bad actors, human error in cyber security means maintaining proper password hygiene can be seen as an inconvenience.
Unfortunately, this leads to corner-cutting behaviour like password reuse that makes it much easier for cyber criminals to compromise login credentials, allowing them to access critical systems and potentially cause serious harm to your organisation. It’s difficult to remember multiple long, complicated passwords, but using ‘12345’ or ‘p@ssw0rd’ for every login is an invitation for criminals to compromise these credentials and breach your network. Further, even a complex password can be risky if it’s used across multiple services.
Verizon’s 2022 Data Breach Investigations Report named stolen credentials as the primary route of access into organisational systems, accounting for almost 50% of breaches. It’s clear that employees need help with password security to ensure that your business isn’t left vulnerable for the sake of convenience.
The key to preventing risky human error in cyber security is to support your workers so that good practice is not seen as inconvenient, and that arduous tasks and workloads are lightened as much as possible.
For IT teams, this means ensuring that workloads are managed properly so that IT personnel have the time to attend to patching, backups and other security-critical duties. Best practice guides and better approaches to time management will help staff members avoid getting swamped by requests and build a schedule that includes regular maintenance and monitoring.
This can be bolstered by automation and remote access solutions like Keeper Connection Manager, a password and secrets manager for protecting businesses from cyberthreats and with whom we work alongside to help protect our clients’ credentials.
With the right tools, some vital duties can be automated to reduce IT department workloads while ensuring that essential maintenance takes place. For the things that can’t be automated, Keeper Connection Manager offers a secure, reliable and frictionless way to access and oversee key systems and hardware from anywhere, minimising the inconvenience and roadblocks that contribute to risky shortcuts.
Likewise, security awareness training and the right password management tools combine to greatly reduce the incidence of credentials being compromised. Understanding what makes a password secure is, naturally, key to ensuring that employees are making the right decisions when creating and updating login credentials – and a dependable password management system can take your protection to a whole new level.
Just as convenience can lead us astray, password managers help employees to make the right choices. Password managers enable users to generate random, unique and secure passwords based on customisable criteria and save them to a secure digital vault, eliminating the risks associated with weak passwords or password reuse. Services like Keeper Password Manager integrate across platforms and devices, meaning that users only need to remember one password, the master password that unlocks their Keeper vault.
Keeper Password Manager also allows IT teams to monitor and control employee password practices and require users to adhere to best practices, such as using unique, complex passwords for every account and using multi-factor authentication wherever it is supported. Keeper provides tools for role-based access control (RBAC) and least-privilege access, so if threat actors do manage to use a set of compromised credentials to breach your systems, they’ll be unable to move laterally within your network.
For extra protection, organisations can add Keeper BreachWatch, which monitors the dark web and alerts administrators if any company passwords are compromised in a public data breach. This way, administrators can force password resets as soon as possible.
Convenience will always tempt employees into making bad choices that compromise security. Your role is to ensure that they understand the consequences of these decisions and are armed with the tools and knowledge they need to make smart choices that will protect your business. When convenience and good practice align, your company will be in the best position possible to reduce human error in cyber security.
If you want to discuss how to better protect your organisation and increase convenience with tools like password managers, you can request a chat from one of our experts.