Humans ‘suck’ at cybersecurity?

As a human being, you are taught to be kind and polite and get along. Basically, don’t be a shit starter … and it is terrible for your security!

Businesses spend over $120 billion a year on advanced cybersecurity to protect their networks and sensitive data. And yet hacks, breaches, and leaks continue to happen each day.
Why does this keep happening if so much money is spent on cybersecurity?

The answer is one word: “humans”. The weak link in your cybersecurity is the people who work at your company, the “humans”!

It is no secret to anyone that ‘humans’ suck at cybersecurity.

But why is that? Surely you have hired some very talented people, or you wouldn’t be where you are now. Truth is, their talent lies in helping your company be successful, not in keeping it protected. So, you need to give your employees a bit of a break on this, but you can’t give them a pass to keep making cybersecurity mistakes that put your company on the line.

Let’s identify some of the main reasons why humans ‘suck’ at security.

Poor password hygiene

With all the cyberattacks and hackers making headlines over the past couple of years, companies, organizations, and even the government have been promoting the need for people to handle their passwords in a manner that will keep their critical info safe. And even though, when asked, most people understand that having good passwords matters, their behavior regarding password management has remained largely unchanged.

For example, a survey came out last year that showed that even though 91% of people know that using the same password for multiple accounts is not secure, they do it anyway! And that behavior continues when it comes to not changing passwords, reusing them, or using terrible passwords that are easy to guess.

Poor password hygiene is a big cybersecurity problem for many companies and their employees, and it continues to put your critical data at risk!

People just want to help

Cyberattackers and criminals know how to exploit the weaknesses of people. One of the behaviors they exploit is that most people just want to be helpful. They don’t want to be considered crabby, unhelpful, or uncaring, so they go out of their way to do the right thing.

Cybercriminals are aware of this and take advantage of the good nature of people to steal their critical data. This is called ‘social engineering’: instead of writing code and using technology to break into your system, they exploit the vulnerability of good people!

People don’t want conflict

The typical person does not like conflict and will often do or say things they are uncomfortable with to avoid conflict and issues with other people. Cybercriminals and hackers know this very well and will exploit that knowledge about human behavior to get you to take action that will make it easier to hack your system.

These hackers will use this dislike for conflict and put you in difficult situations to trick you into helping them. They may call you and pose as an IT professional, a manager from another division of the company, or someone else in authority and tell you that you have made a bad error with your computer and it needs to be fixed now! Even though you aren’t sure or may not know this person, you don’t want to get into conflict with this caller or have them prove who they are, so you do what they ask, putting your entire network in jeopardy!

And keep in mind, it is not your fault: these people are professionals and know how to manipulate you. To protect yourself, you simply need to understand some of their tactics and never be afraid to have them prove who they are. One of the easiest ways is to ask for their phone number and say you will call them back in a few minutes. If they are illegitimate, you will know immediately!

People are click-happy

One of the easiest ways for cyberhackers to gain access to your computer and your company’s vital data is when you click on a link in an email. It is no longer a safe assumption that an email from someone you know or think you know is real. Criminals may have compromised the sender’s account, hijacked their email, and be impersonating them.

People have a natural curiosity, so if they receive an email on a subject they care about, or from people or organizations they trust, they may get click-happy and click on the first link they see. So, don’t be click-happy. Slow down and take time to read the email, and make sure it makes sense and is not full of misspellings. Make sure it is legitimate, and if you are not sure, do not click on any links and immediately talk to your IT professional to make sure!

Fear of making a mistake or dangers

Have you ever been on your computer when a large popup appears saying your system has been compromised and you need to immediately click on this link or your computer will be compromised? This is the classic email hack, causing millions of users to click on the link and compromise their computer.

Hackers and social engineers are experts at this tactic and it can be hard for people to not respond to an emergency. Most people do not want to make a mistake. They don’t want to walk into their boss’s office telling them they’ve made a mistake and their computer has been compromised.

People like convenience

It’s human nature to want things a bit easier. The internet and all the great technologies like cell phones, iPads, and laptops have made life easier for everyone, but they have also made it easier for cybercriminals. Even though those conveniences are awesome, they are also very vulnerable.

Here are some of the conveniences you probably use that you need to be wary of:

  • Using Wi-Fi hot spots
  • Using public internet
  • Carrying unencrypted drives, discs or laptops
  • Ignoring mobile phone security
  • Failing to have security packages on devices
  • Not upgrading software

The convenience of the internet and all the devices we now have to access it is incredible, but those devices are also incredibly vulnerable to cybercriminals and attackers, making them easy to hack if you don’t know what to look for!