There was a short article in Silicon Beat that reiterates something I have been recommending for a long time. The weakest point of entry into your computer network is your all-too-human employees. The study found that 31% of cyber attacks start out from “unintended disclosures.” Usually what has happened is that an employee has read and responded to some sort of clever phishing email and provided user credentials to the network. Another 24% were due to the loss of paper records, which can happen through dumpster-diving or outright theft from an unlocked car or unattended desk.
The solution to this problem only comes through a thorough training program and an established set of information security policies that define how information is stored, transmitted, and ultimately destroyed. From this beginning, most small businesses can significantly reduce the number and severity of computer security incidents, from simply avoiding the cost of removing malware from infected systems to larger issues such as securing financial, proprietary, and customer information.
This sort of training is available, and may offer a better ROI than investing in a bunch of security hardware devices. Remember, most firewalls will not block a request coming from inside the network perimeter, and in many cases will allow a response to that request, even if it is directed to a cyber-criminal’s command and control server. Training, and regular retraining, is the best way to harden the human perimeter in your company.