When we hear "cybersecurity", we immediately think of technology, the security behind it and how processes intertwine. There is another aspect of cybersecurity that we must address and not underestimate.
It’s the human aspect or what some call the human factor.
As corporations continue to invest in mitigating privacy and security risks, it is important to consider a holistic approach to cybersecurity. It goes beyond technology. There are people behind the policies and procedures. There are humans installing and running the software that monitors networks and detects intrusions.
There is human error that leads to data breaches. There is human error in electronic marketing, where incorrectly setting up an automated emailing system can expose thousands of personal data records (email addresses).
The human aspect is necessary in cybersecurity teams.
Let’s not forget insider threats, perhaps from disgruntled former employees, or from current employees with inquisitive minds who do not have permission to access certain applications.
To incorporate a holistic approach to cybersecurity, corporations should train staff and leaders on data privacy and security awareness. There are ethical issues to consider and the psychology of insider threats.
I wrote an article some time ago about being aware of the enemy within. What causes these threats to happen? What triggers the quest for personal data to the extent that a breach, exposure or unauthorized access occurs?
In the Capital One data breach situation, more than 100 million people were affected. Apparently, the hacker (a former AWS worker) downloaded data stored on a cloud server.
Many corporations focus on software or tech risks only when they should also look at the enemy within. In some situations, all it takes to bring a system down is an employee who opens a phishing email. The human factor can be seen as one of the weakest links in cyber.
A report on the human factor published in 2018 showed email as one of the top attack points. It shared that education consulting and entertainment firms experienced a vast number of email attacks.
Consistent privacy and security awareness training is essential.
The consequences of human error in cybersecurity are massive. Awareness training is necessary. Here are some simple questions to ask or ponder:
Where is the security policy?
Do employees even know whether any exists?
What is the company’s Data Loss Prevention Plan (DLP)?
From the loss of a USB stick to an employee copying all data to an external device, cybersecurity is a big deal. There are many things to consider in mitigating cybersecurity risks.
The human aspect is absolutely necessary and should be included in any privacy and security mitigation strategy. Has your organization addressed these factors in its governance, risk and compliance strategy? Is the holistic approach to cybersecurity embraced by leaders in your organization?
Belinda is a Global Privacy and Cybersecurity Consultant, Corporate Trainer, Writer, and International Speaker with a unique blend of law and technology expertise. In addition, she is a digital entrepreneur, ordained pastor, and mentor to women ready to impact their generation. She is the host of the Destiny Chats podcast and lives in New York with her family.