Dealing with human risk in cybersecurity

Issue 9 2020 Training & Education

With the worldwide information security market predicted to reach $170 billion in 2022, this is obviously an area of significant risk to organisations and individuals. Organisations need to address these risks by considering all the areas that contribute to cyber risks. Unfortunately, the human element in cyber risk is often ignored while attention is focused on the systems.

Some of the major areas of human risk that could easily be considered and addressed, according to Jenny Reid, CEO of iFacts, are the following:

Onboarding of employees

During induction, the company policy regarding the misuse of company devices for personal use should be discussed and the following areas highlighted:

• Personal banking.

• Personal emails.

• Personal social media.

• Filing of personal information.

• Use of personal passwords.

• Installation of personal software.

These are just some of the things that many people believe they have the right to do when working at a company, feeling that they may use company equipment for personal use. Unless the company policy is brought to their attention, they may not understand the risk they bring to the company.

Understanding information security

The average employee has a very limited understanding of information/cyber security and believes that it is something that happens at a very high level and will never affect them. You merely need to read a magazine or watch a TV programme to see how easily people ‘give’ their money away without understanding that they have been scammed.

This should be highlighted in the induction process and there should be ongoing awareness training of the risks employees could be exposed to. Some of the areas to consider discussing are:

• Connecting devices to company computers, e.g. USB sticks.

• Phishing emails.

• Using unsecured networks.

• Storage of sensitive data.

Highlighting employee risk

Any company should have an employee screening policy to address the various levels of risk in an organisation and this should include integrity assessments to highlight the level of integrity of an individual coming to work in the organisation. An integrity assessment will assess the intention of an individual as opposed to verifying information about the individual’s past.

Employee screening should not be limited to pre-employment but should be an ongoing part of an employee’s life in the company. Risks change, from both a company perspective and an individual’s perspective, and various forms of lifestyle audits should be done on an ongoing basis.

Companies should also consider integrity training as a crucial part of their employee lifestyle as people are exposed to many levels of crime and corruption, and differentiating right from wrong can become a blurry issue for many.

Remember, where there are people, there is risk. Address it effectively.

