I find solace in thinking that those with nefarious intentions can be thwarted by a case of the “Mondays.” However, on a practical note, seeing their hiccups reminds me of the single biggest Achilles heel to your business’s cyber security. It’s in seeing human errors that can open our eyes to vulnerabilities in our own systems before—heaven forbid—any actual cyber-attack occurs.
The lighter side of cyber threats
The media can paint a fairly ominous picture of hackers—hooded figures outlined by a screen filled with cryptic characters scrolling Matrix-style on a mega-desk computer monitor. With nothing more to go on than a secretive name and some legacy of damage, this image can make us feel horribly vulnerable.
Thankfully, however, most of this image is completely fabricated from the minds of some rather imaginative journalists. The majority of hackers are opportunistic in that they take advantage of open doors and dropped dongles. And the more success they have at exploiting these weaknesses, the more prone they are to tripping up. Even the best hackers can get lazy or too cocky to care about the details.
But take note: this same complacency is what most employees fall into with your data security protocol. In fact, the vast majority of cybersecurity failures are due to employee error. Most of these errors are made unconsciously, and it’s these unconscious choices of bypassing the login screen; creating a simple, universal password; or leaving data on a device you’ve sent to be recycled that leaves your business IT open to cyberattack.
Filling the gaps employees create
Knowing that it’s these accidents that create vulnerability, the response may be to tighten security with even more firewalls or login options. Only, the problem exists in the first place because of how employees see the system that’s been created.
Too often a perfectly good security plan fails because of being too rigid for employees. Keep in mind your employees are looking for ways to be more efficient or to reduce repetitive tasks. The same as hackers likely tire from having to cover their tracks so often—the average employee is simply bypassing security to get at their work more easily.
This is where biometric methods, like facial-recognition software, or card keys could be a worthwhile investment. If the action is nothing more than looking at the screen, or swiping a card, the repetition is less onerous. But keying in an eight-digit password that changes every month or three, now that is hateful enough to drive most people to find back door methods.
Playing the odds of cyber security
Another thing that comes to mind from seeing elite hackers screw up is that cyberwar is not a guarantee that you’re going to be hacked. Most of these stories are of massive corporations with millions or billions of dollars’ worth of data to get at. A worthy target for elite hackers that go the extra mile to breach cybersecurity. But for the typical business, a solid approach and well-thought-out program—that is adhered to—is always the best plan or protection against the opportunistic hacker.
But, whatever you do, don’t give in to the hyped-up images of mysterious figures cackling at the thought of piercing the inner sanctum of your data. Keep your head and scrutinize every door that could be a passage for a person who—remember—can make mistakes just like anyone else. All those doors like: any connection to your network (even an old fax machine or copier), elaborate login methods (that might irk your employees enough to ignore), or end-of-life equipment (like that smartphone your sales rep had before upgrading).
Invest in methods of cushioning these moments where human nature can cause problems to ensure your cybersecurity isn’t undermined inadvertently. Consider easier methods of logging in like the card key or facial recognition. Also, partner with a sustainable ITAD company like Sage who looks to reuse or refurbish your devices. They should have a data-erasure program that complies with NIST 800-88 standards.
With this kind of outlook, the overwhelming potential of being victimized can be displaced with sound methodology and sober attention to detail. That way, those hackers will have the Mondays if they attempt to capture your data.