Dealing with human risk in cybersecurity

Issue 9 2020 Training & Education

With the worldwide information security market predicted to reach $170 billion in 2022, this is obviously an area of significant risk to organisations and individuals. Organisations need to address these risks by considering all the areas that contribute to cyber risks. Unfortunately, the human element in cyber risk is often ignored while the systems are focused on.


Some of the major areas of human risk that could easily be considered and addressed, according to Jenny Reid, CEO of iFacts, are the following:

Onboarding of employees

During induction, the company policy regarding the misuse of company devices for personal use should be discussed and the following areas highlighted:

• Personal banking.

• Personal emails.

• Personal social media.

• Filing of personal information.

• Use of personal passwords.

• Installation of personal software.

These are just some of the issues that many people believe they have the right to do when working at a company and feel that they may use the company equipment for personal use. Unless the company policy is brought to their attention, they may not understand the risk they bring to the company.

Understanding information security

The average employee has a very limited understanding of information/cyber security and believes that is something that happens at a very high level and will never affect them. You merely need to read a magazine or watch a TV programme to see how easily people ‘give’ their money away and do not understand they have been scammed.

This should be highlighted in the induction process and there should be ongoing awareness training of the risks employees could be exposed to. Some of the areas to consider discussing are:

• Connecting devices to company computers, e.g. USB sticks.

• Phishing emails.

• Using unsecured networks.

• Storage of sensitive data.

Highlighting employee risk

Any company should have an employee screening policy to address the various levels of risk in an organisation and this should include integrity assessments to highlight the level of integrity of an individual coming to work in the organisation. An integrity assessment will assess the intention of an individual as opposed to verifying information about the individual’s past.

Employee screening should not be limited to pre-employment but should be an ongoing part of an employee’s life in the company. Risks change, from both a company perspective and an individual’s perspective, and various forms of lifestyle audits should be done on an ongoing basis.

Companies should also consider integrity training as a crucial part of their employee lifestyle as people are exposed to many levels of crime and corruption, and differentiating right from wrong can become a blurry issue for many.

Remember, where there are people, there is risk. Address it effectively.


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Value and industry insight
Securex South Africa Training & Education News & Events
Securex South Africa 2025, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, drew thousands of security professionals from across the continent and beyond, offering a platform for networking, product discovery, and knowledge sharing.

Read more...
Gallagher Security achieves ISO 27001 recertification
News & Events Training & Education
Gallagher Security has successfully achieved certification to the updated ISO/IEC 27001:2022 standard for Information Security Management Systems (ISMS). This accomplishment builds on previous certifications and reflects a continued commitment to the highest standards of information security.

Read more...
A new generational framework
Editor's Choice Training & Education
Beyond Generation X, and Millennials, Dr Chris Blair discusses the seven decades of technological evolution and the generations they defined, from the 1960’s Mainframe Cohort, to the 2020’s AI Navigators.

Read more...
Key design considerations for a control room
Leaderware Editor's Choice Surveillance Training & Education
If you are designing or upgrading a control room, or even reviewing or auditing an existing control room, there are a number of design factors that one would need to consider.

Read more...
The deepfake crisis is here and now
Information Security Training & Education
Deepfakes are a growing cybersecurity threat that blur the line between reality and fiction. These AI-generated synthetic media have evolved from technological curiosities to sophisticated weapons of digital deception, costing companies upwards of $600 000 each.

Read more...
CCTV control room operator job description
Leaderware Editor's Choice Surveillance Training & Education
Control room operators are still critical components of security operations and will remain so for the foreseeable future, despite the advances of AI, which serves as a vital enhancement to the human operator.

Read more...
Strong industry ties set Securex South Africa apart
News & Events Training & Education
Securex South Africa, co-located with A-OSH EXPO, Facilities Management Expo, and Firexpo, is a meeting place of minds, where leading security, safety, fire, and facilities professionals come together, backed by strong ties with the industry’s most influential bodies.

Read more...
Gallagher Security expands Digital Badge Programme
News & Events Access Control & Identity Management Training & Education
Following a successful launch and roll out across Australia and Papua New Guinea in 2023, Gallagher announced its Digital Badge programme is now available to channel partners and end users across the rest of APAC IMEA.

Read more...
The need for integrated control room displays
Leaderware Editor's Choice Surveillance Training & Education
Display walls provide a coordinated perspective that facilitates the ongoing feel for situations, assists in the coordination of resources to deal with the situation, and facilitates follow up by response personnel.

Read more...
The need for integrated control room displays
Editor's Choice Surveillance Training & Education
Display walls provide a coordinated perspective that facilitates the ongoing feel for situations, assists in the coordination of resources to deal with the situation, and facilitates follow up by response personnel.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.