According to a report by the Privacy and Data Protection Team at the law firm Baker Hostetler, human error was the number one cause of data security incidents.
In the incidents that the firm worked on last year, employee negligence was responsible 36% of the time. That was followed by theft by outsiders (22%), theft by insiders (16%), malware (16%) and phishing attacks (14%). The report is derived from more than 200 incidents of data breaches the firm worked on in 2014.
While hackers and organized crime account for most of the current headlines, in reality, most data breaches are caused by human errors and system glitches. The SLPowers security experts demonstrate this to our clients so they understand just how easily a network can be penetrated.
We were recently asked to perform a phishing test on behalf of a client. We spoofed an email account in the name of one of its executives (intentionally misspelled), and sent an email to all their employees. Fully half of them clicked on the embedded link, which directed them through a site we had set up and then on to their intended destination. We sent a second email from the same misspelled Vice President later the same day, this time targeting only those employees who failed to respond to the first. The second blast netted a 60 percent hit rate.
All told, we compromised 80 percent of the company’s employees in one afternoon.
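A defensive check for the kind of misspelled executive name used in that test, as an added example (not SLPowers code or tooling): it compares the display name in each From header against a list of protected names and flags near misses. The executive name, addresses and sample headers are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed directory of protected names (assumption, not from the article).
EXECUTIVES = {"Dana Whitfield": "dana.whitfield@example.com"}

# Constructed sample From headers for the demonstration.
SAMPLE_HEADERS = [
    '"Dana Whitfield" <dana.whitfield@example.com>',  # genuine
    '"Dana Whitfeld" <dana.whitfeld@example.net>',    # one letter dropped
    '"Dana Whitfield" <dwhitfield@example.net>',      # right name, wrong address
    '"Sam Ortiz" <sam.ortiz@example.com>',            # unrelated sender
]

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify_sender(from_header: str, max_typos: int = 2) -> str:
    """Return 'ok', 'lookalike-name' or 'name-address-mismatch'."""
    name, addr = parseaddr(from_header)
    name = " ".join(name.lower().split())  # normalise case and spacing
    addr = addr.lower()
    for exec_name, exec_addr in EXECUTIVES.items():
        distance = edit_distance(name, exec_name.lower())
        if distance == 0:
            # Exact executive name is only acceptable from the known address.
            return "ok" if addr == exec_addr else "name-address-mismatch"
        if distance <= max_typos:
            # Close to a protected name but not identical: likely a misspelling.
            return "lookalike-name"
    return "ok"

def triage(headers):
    """Return (header, verdict) pairs for every sender that is not 'ok'."""
    verdicts = ((h, classify_sender(h)) for h in headers)
    return [(h, v) for h, v in verdicts if v != "ok"]

if __name__ == "__main__":
    for header, verdict in triage(SAMPLE_HEADERS):
        print(f"{verdict:22} {header}")
```

A mail gateway rule or awareness-training report could use the same comparison to quarantine or banner such messages before employees see them.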
Educating your employees and making sure they’re not cutting corners could be the biggest preventative measure you take towards thwarting network intrusions.
Ted Kobus, a co-leader of the Baker Hostetler privacy and data team, noted that problems often stem from employees who are trying to be efficient in their work. Strict company policies frequently restrict what can be brought home. Employees, rather than asking how they can work outside the office, quietly find a workaround, such as taking paper records home or downloading files to an unsecured personal hard drive. The challenge becomes offering those same users productivity-enhancing solutions that do not compromise security.
The proper training of staff, use of capable security software, encryption and authentication of the data at either end when it is being sent, and a prompt reaction and response plan in case any sensitive information is incorrectly disclosed are all absolute necessities in order to efficiently protect your business.
In today’s threat landscape, you need to implement a multi-layered defense that includes:
- Protecting your network from the perimeter with advanced firewall management.
- Defending your assets with 24×7 real-time Intrusion Prevention.
- Managing traffic at the packet level with network traffic control.
- Detecting malicious activity wherever it takes place with comprehensive log management.
- Securing your information in motion with managed disk encryption.
You need Guaranteed Networks-Secure. Call us today and speak with our security experts to ensure your business’ network has a unified security plan in place.