And What You Can Do to Avoid It
by Elena Georgescu, Communications & PR Officer at Heimdal™ Security
You might think that cybersecurity is something only companies need to worry about. You could not be more wrong. As long as you own and use a mobile phone, a computer, or devices such as smartwatches, smart locks or connected cars (which fall under the category of IoT, the Internet of Things), cybersecurity and cyberthreats concern you too. One aspect is particularly dangerous: human error. It can happen to anyone, at any time, so let us take a closer look at it.
Human Error in Cybersecurity – Definitions
Cybersecurity refers to all the technologies, processes and practices that aim to protect data, devices, programs, systems and networks from cyber threats and attacks.
Human error can occur at home, involving your personal devices and data, and especially at your workplace, as an employee. In the latter case, if business data and systems are affected, the consequences can be severe: the company may lose time, money, clients and partners, and can even face lawsuits.
Human Error in Cybersecurity – Examples and Causes
Human errors can be skill-based or decision-based.
Skill-based human errors
We call skill-based errors the small mistakes that occur during familiar tasks or activities. The user knows how to proceed but fails to do so because of a momentary slip.
Decision-based human errors
There are also decision-based errors, in which users make a poor decision because they lack the information, or the context, needed to judge a specific action or task correctly.
Human error can stem from fatigue, inattention or distraction, from a lack of awareness, or from the environment itself: a room that is very hot or very cold, a lack of privacy, or a lot of noise.
A few common human errors are:
- using weak passwords or storing passwords in unreliable places: plain-text files, Google Sheets, or even sticky notes on the office desk or around the house.
- improper handling of sensitive data: accidentally deleting sensitive files, often without knowing they are important; sending sensitive data to the wrong recipients; not backing up important data.
- using outdated (or unauthorized) software, ignoring software updates, or downloading compromised software.
- opening email links or attachments without paying attention.
- using public Wi-Fi without a VPN, or plugging in untrusted devices such as unknown USB storage drives.
In the business world, examples of serious cyber incidents caused by human error are countless. I will mention just a couple:
- In August 2018, a Strathmore Secondary College employee accidentally posted over 300 student records on the school's intranet. The records included information about medical conditions such as ADHD, autism and Asperger's syndrome, as well as behavioral and learning difficulties. The data remained on the intranet for about a day and could have been viewed or downloaded by any parent or student.
- At the beginning of the same year, the Defense Travel System of the United States Department of Defense sent an unencrypted email to the wrong recipient list. The email reached some civilian accounts, exposing personal information about roughly 21,500 marines, sailors and civilians, including bank account numbers, emergency contact information and even truncated Social Security Numbers.
Human Error in Cybersecurity – Common Social Engineering Strategies
When it comes to malicious actors deliberately trying to make you slip, you should know that one of their favorite techniques is social engineering. Social engineering attacks are attacks that, first and foremost, exploit human weakness rather than a technical flaw.
Attackers gather information about their targets, plan the attack, acquire the tools they need, carry out the attack, and then use what they have obtained to pursue their malicious purposes further.
The most common types of social engineering attacks that you should be aware of are:
- Fake applications or messages that contain infected attachments: once opened, malware gets onto the victim's device.
- Phishing: emails, or messages sent through other channels, that appear to come from an entity the target trusts, such as a bank, Google or Facebook, in which the attackers ask for sensitive information or for the target to enter login details. The visible text of a link and the address it really points to are two different things, and phishers rely on you not checking.
- CEO fraud: cybercriminals pretend to be the target's boss or another authority figure and ask them to transfer money or hand over access to sensitive information. The display name of an email is freely chosen by the sender, so it says nothing about who actually sent it.
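To make the phishing and CEO-fraud tricks above concrete, here is an added example in Python (not code from the original article or from Heimdal). It implements a few of the checks a mail filter, or a careful reader, would apply: a link whose visible text names one domain while its href points to another, a sender domain that imitates a well-known brand, a display name that borrows an executive's name while the address sits on an outside mailbox, and a Reply-To that diverts answers elsewhere. The organization domain example.com, the executive name, the brand list and the three sample messages are all assumptions constructed for the example.

```python
"""Heuristics for the social-engineering tricks discussed above.

Added example, not code from the original article. ORG_DOMAIN, EXECUTIVE_NAMES,
TRUSTED_BRANDS and the sample messages are constructed for illustration.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

ORG_DOMAIN = "example.com"          # assumed: the reader's own organization
EXECUTIVE_NAMES = {"jane doe"}      # assumed: names a fraudster would borrow
TRUSTED_BRANDS = {"paypal.com", "google.com", "facebook.com"}  # assumed brand list


def registrable(host: str) -> str:
    """Last two labels of a hostname ('login.paypa1-secure.net' -> 'paypa1-secure.net').
    A simplification: production code should consult the Public Suffix List."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def looks_like(host: str, brand: str) -> bool:
    """Crude homoglyph check: does the host imitate a brand without being it?"""
    normalized = host.replace("1", "l").replace("0", "o")
    return brand.split(".")[0] in normalized and registrable(host) != brand


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_link_findings(html: str) -> list:
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        href_host = registrable(urlparse(href).hostname or "")
        # If the visible text itself contains a hostname, it must match the real target.
        shown = re.search(r"(?:https?://)?([\w.-]+\.[a-z]{2,})", text, re.I)
        if shown and registrable(shown.group(1)) != href_host:
            findings.append(f"link text shows {registrable(shown.group(1))} but points to {href_host}")
        for brand in TRUSTED_BRANDS:
            if looks_like(href_host, brand):
                findings.append(f"{href_host} imitates {brand}")
    return findings


def find_sender_findings(msg) -> list:
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower()
    findings = []
    if name.strip().lower() in EXECUTIVE_NAMES and domain != ORG_DOMAIN:
        findings.append(f"display name '{name}' is an executive but the address is @{domain}")
    for brand in TRUSTED_BRANDS:
        if brand.split(".")[0] in name.lower() and registrable(domain) != brand:
            findings.append(f"display name '{name}' claims {brand} but the address is @{domain}")
    reply_to = parseaddr(msg.get("Reply-To", ""))[1]
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != domain:
        findings.append(f"replies are diverted to {reply_to}")
    return findings


def analyse(raw_message: str) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious."""
    msg = message_from_string(raw_message)
    return find_sender_findings(msg) + find_link_findings(msg.get_payload())


# Constructed sample messages (not real mail).
PHISHING_EMAIL = """From: "PayPal Support" <alerts@paypa1-secure.net>
To: victim@example.com
Subject: Your account is limited
Content-Type: text/html

<p>Please confirm your details at
<a href="http://login.paypa1-secure.net/verify">https://www.paypal.com/login</a></p>
"""

CEO_FRAUD_EMAIL = """From: Jane Doe <jane.doe.ceo@gmail.com>
Reply-To: jane.doe.ceo@outlook.com
To: finance@example.com
Subject: Urgent wire transfer

Please send 45,000 EUR to the account below today. I am in a meeting, do not call.
"""

LEGITIMATE_EMAIL = """From: IT Helpdesk <helpdesk@example.com>
To: victim@example.com
Subject: Password reset
Content-Type: text/html

<p>Reset your password at <a href="https://intranet.example.com/reset">intranet.example.com/reset</a></p>
"""

if __name__ == "__main__":
    for label, raw in [("phishing", PHISHING_EMAIL), ("ceo fraud", CEO_FRAUD_EMAIL), ("legitimate", LEGITIMATE_EMAIL)]:
        print(label, "->", analyse(raw) or ["no findings"])
```

Running the block reports three findings for the phishing sample (brand name in the display name, link text versus real target, lookalike domain), two for the CEO-fraud sample (executive name from an outside mailbox, diverted Reply-To) and none for the legitimate one. These are heuristics, not proof: a spoofed From header on the organization's own domain passes the display-name check, which is why SPF, DKIM and DMARC on the receiving side matter as well.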
Human Error in Cybersecurity – Prevention
What can you do to prevent human error and keep both your personal data and devices and your business data and endpoints safe? Well...
Know your enemy. Make sure you have some basic cybersecurity knowledge, that you are aware of the dangers out there and that you always follow basic safety rules. Examples: be careful what you plug into your computer; never leave your laptop or phone unlocked; listen to your intuition and, if something sounds too good to be true (or too urgent), do not provide the confidential information you are asked for.
Take care of the passwords you use. Do not use simple passwords, do not reuse them across accounts, do not leave them in plain sight, and change them at irregular intervals and, above all, as soon as you suspect one may have been exposed. A password manager takes care of both the storage and the reuse problem.
Take care of yourself and your environment. Make sure you get proper rest to keep your focus and concentration, and that you work in an organized and quiet environment, if possible. The temperature there should be neither too hot nor too cold.
If the company you work for does not already use cybersecurity software, tell them about the importance of an antivirus, a privileged access management (PAM) tool and an email security solution. A PAM tool enforces the principle of least privilege: everyone gets access only to what they need to perform their daily tasks, and nothing more.
Human Error in Cybersecurity – Wrapping Up
In many cases, cybercriminals rely on human error and human weakness to achieve their malicious ends. Make sure you are aware of the cyber threats you may face, and always proceed with caution when using the Internet, your devices and the data you handle.
About the Author
Elena Georgescu is a Communications and PR Officer at Heimdal™ Security, a leading European provider of cloud-based cybersecurity solutions. At Heimdal™, she combines her passion for reading and writing with her desire to make a positive impact on the world through education. Elena can be reached online at email@example.com and at the Heimdal™ Security website: https://heimdalsecurity.com/en/.