Dealing with human risk in cybersecurity

Issue 9 2020 Training & Education

With the worldwide information security market predicted to reach $170 billion in 2022, this is obviously an area of significant risk to organisations and individuals. Organisations need to address these risks by considering all the areas that contribute to cyber risks. Unfortunately, the human element in cyber risk is often ignored while the systems are focused on.

Some of the major areas of human risk that could easily be considered and addressed, according to Jenny Reid, CEO of iFacts, are the following:

Onboarding of employees

During induction, the company policy regarding the misuse of company devices for personal use should be discussed and the following areas highlighted:

• Personal banking.

• Personal emails.

• Personal social media.

• Filing of personal information.

• Use of personal passwords.

• Installation of personal software.

These are just some of the issues that many people believe they have the right to do when working at a company and feel that they may use the company equipment for personal use. Unless the company policy is brought to their attention, they may not understand the risk they bring to the company.

Understanding information security

The average employee has a very limited understanding of information/cyber security and believes that is something that happens at a very high level and will never affect them. You merely need to read a magazine or watch a TV programme to see how easily people ‘give’ their money away and do not understand they have been scammed.

This should be highlighted in the induction process and there should be ongoing awareness training of the risks employees could be exposed to. Some of the areas to consider discussing are:

• Connecting devices to company computers, e.g. USB sticks.

• Phishing emails.

• Using unsecured networks.

• Storage of sensitive data.

Highlighting employee risk

Any company should have an employee screening policy to address the various levels of risk in an organisation and this should include integrity assessments to highlight the level of integrity of an individual coming to work in the organisation. An integrity assessment will assess the intention of an individual as opposed to verifying information about the individual’s past.

Employee screening should not be limited to pre-employment but should be an ongoing part of an employee’s life in the company. Risks change, from both a company perspective and an individual’s perspective, and various forms of lifestyle audits should be done on an ongoing basis.

Companies should also consider integrity training as a crucial part of their employee lifestyle as people are exposed to many levels of crime and corruption, and differentiating right from wrong can become a blurry issue for many.

Remember, where there are people, there is risk. Address it effectively.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The latest security trends at Securex South Africa 2023
Securex South Africa News Conferences & Events Training & Education
Security technology evolves at a blistering pace, so it’s important to keep up to date with changing trends in order to ensure maximised safety of human and personal assets. The Securex Seminar Theatre, powered by UNISA, is the place to be.

Security awareness training
Training & Education Security Services & Risk Management
It is critically important to have a security awareness solution that uses the limited time available to train effectively, and one that provides targeted education that is relevant to users.

Can artificial intelligence manage people better than people?
iFacts Security Services & Risk Management
Artificial intelligence tools are advancing, and they’re advancing fast. Across all industries and positions, AI tools are muscling in and managing to successfully do pieces of our jobs.

Plugging the South African skills drain
Training & Education News
Investing in young South African talent has become critical as skills slip out of the country; there has to be talent to fill the gaps of tomorrow by investing in the people of today.

Hundreds of installers join the Paxton Tech Tour
Paxton News Training & Education
Paxton began the Paxton Tech Tour in February, with hundreds of installation companies and installers signing up to the half-day product experience event in order to develop knowledge and explore business opportunities with Paxton’s products and services.

ALX sponsored learning programmes for 2023
Training & Education News
With a mission to harness Africa's abundant human capital by developing two million ethical and entrepreneurial young leaders from the continent by 2030, ALX has launched four fully sponsored (at no cost) tech programmes for 2023.

Cybersecurity in Africa: The challenges and solutions
Training & Education Cyber Security
Africa faces a significant challenge when it comes to the availability and distribution of cybersecurity talent and secure IT infrastructures. Facing this challenge will require supporting and nurturing the next generation of security graduates and professionals.

Developing an effective CCTV control room culture
Leaderware Editor's Choice CCTV, Surveillance & Remote Monitoring Training & Education
Organisational culture in organisations can be seen as the set of values, practices, focus, standards and behaviours, and ways of interacting with others that are accepted and subscribed to by the people who work there.

Mind the gap
Training & Education
The skills shortage in South Africa is less of a gap and more a gaping chasm, especially when it comes to finding or training and retaining talented people in the security industry.

Olarm launches its academy
Olarm Training & Education
Security professionals need to stay up-to-date with the latest product developments and best practices. Stay ahead in the ever-evolving security industry by accessing free educational resources and comprehensive, flexible and remote training programmes from Olarm.