Dealing with human risk in cybersecurity

Issue 9 2020 Training & Education

With the worldwide information security market predicted to reach $170 billion in 2022, this is obviously an area of significant risk to organisations and individuals. Organisations need to address these risks by considering all the areas that contribute to cyber risks. Unfortunately, the human element in cyber risk is often ignored while attention is focused on the systems.


Some of the major areas of human risk that could easily be considered and addressed, according to Jenny Reid, CEO of iFacts, are the following:

Onboarding of employees

During induction, the company policy regarding the misuse of company devices for personal use should be discussed and the following areas highlighted:

• Personal banking.

• Personal emails.

• Personal social media.

• Filing of personal information.

• Use of personal passwords.

• Installation of personal software.

These are just some of the things that many people believe they have the right to do when working at a company, feeling that they may use the company equipment for personal use. Unless the company policy is brought to their attention, they may not understand the risk they bring to the company.

Understanding information security

The average employee has a very limited understanding of information/cyber security and believes that it is something that happens at a very high level and will never affect them. You merely need to read a magazine or watch a TV programme to see how easily people ‘give’ their money away and do not understand they have been scammed.

This should be highlighted in the induction process and there should be ongoing awareness training of the risks employees could be exposed to. Some of the areas to consider discussing are:

• Connecting devices to company computers, e.g. USB sticks.

• Phishing emails.

• Using unsecured networks.

• Storage of sensitive data.

Highlighting employee risk

Any company should have an employee screening policy to address the various levels of risk in an organisation and this should include integrity assessments to highlight the level of integrity of an individual coming to work in the organisation. An integrity assessment will assess the intention of an individual as opposed to verifying information about the individual’s past.

Employee screening should not be limited to pre-employment but should be an ongoing part of an employee’s life in the company. Risks change, from both a company perspective and an individual’s perspective, and various forms of lifestyle audits should be done on an ongoing basis.

Companies should also consider integrity training as a crucial part of their employee lifestyle as people are exposed to many levels of crime and corruption, and differentiating right from wrong can become a blurry issue for many.

Remember, where there are people, there is risk. Address it effectively.

