Human Error & Network Security Risks
Everyone’s heard of the Great Wall of China. It was built as a means of keeping out barbarians, and though it had some occasional moments of success, it was vulnerable to things like human frailty, specifically bribing the gatekeepers. That particularly simple and straightforward tactic occurred during the Ming dynasty, when the Manchus, conquerors of China in the 17th century.
That just goes to show you; you can come up with a truly impressive engineering marvel designed to provide you with safety and security, only to get let down by the imperfect human element.
Time and technology have changed, but it’s still the same old story. Take network security, for example. You can have all of the impressive firewalls, malware detectors, and anti-virus applications out there, plus an extensive procedure for generating hard to guess passwords, but it takes just one sloppy, unthinking person to bring it all crashing down.
In fact, according to the article “How To Minimize The Risk Of Human Error To Your Network Configuration” , a 2013 study revealed that errors by employees and contractors are the root of about 35% of all data breaches.
How does human error affect security risks? Check it out…
Same Old Passwords
Here’s a big offender. Let’s skip the folks who never get around to changing the password from the generic “Password” that’s usually assigned to first-timers, because that’s just sad. Fortunately, there are plenty of people who do in fact change their password to something decent. Unfortunately, they then make the mistake of never ever changing it ever again, which of course increases the likelihood of discovery.
Then there are those employees who share their passwords with co-workers.
Or the folks who change their password to something very clever, but may run the risk of outsmarting themselves at some future point, so they … write it down somewhere.
Come on, people. What’s the point in even having a password, then?
(Not) Deleting Files
For the number of times the joke has been made about people being caught at something naughty due to their undeleted browser history, you’d think that this would help people remember to delete files that they are no longer using. No such luck. Through carelessness or forgetfulness, people tend to leave old files on their systems which they no longer need, and yet still contain information which, if in the wrong hands, could cause damage.
Feelings Of Insecurity
Or rather, using an insecure wireless network to access the Internet. By this time, it’s common knowledge that hackers can easily tap into an insecure wireless network and get into people’s systems. An employee has zero business in having sensitive work files on their laptops while accessing a public wireless hotspot with little to no security.
And speaking of laptops …
Looking Over Your Shoulder
In the days before computers, especially mobile systems like laptops or tablets, people would read newspapers and magazines in public places, and run the risk of having people reading over their shoulder, especially while taking public transportation. Irritating, but not fatal.
Nowadays, people who are using laptops in public run the risk of having people check out what’s on their screen. All you need is the wrong information appearing on that screen, and have it seen by the wrong person, just one time, and congratulations, you have a data breach.
There are in fact privacy screens out there for sale; it just seems that not enough people use them. And if you want something worse than people reading your laptop’s screen while you’re sitting there …
While You Were Away
There are so many things we shouldn’t leave unattended in public, regardless of the length of time spent away from it: children, a car with the engine running, your purse or wallet, your keys. Add laptops to that list. Even people who plan to just run up to the coffee counter and get a refill, something that will take no more than five seconds, are vulnerable to some passerby seeing what they shouldn’t.
It may seem like a paranoia-induced scenario, but consider the possibility of someone who is a known employee of a particular company, and who has a daily routine. If someone wanted to check out the laptop’s screen, they could have their smart phone camera ready, walk by the unattended laptop, snap a photo of the screen, and keep right on going, the owner, who just left his seat to get a refill, wouldn’t even know what happened.
USB flash drives are great things. They’re such a convenient way of carrying important files with you. They’re so compact, so portable, so easy to lose! What’s worse, many people fail to safeguard or encrypt them in any way.
This all may sound like a nightmarish litany of terrifying scenarios designed to fill people with dread and uncertainty. Perhaps it’s because that’s what it’s supposed to do: to drive home the point that the human element carries a lot of potential of security vulnerability.
When administrators are made aware of potential trouble-spots, they can take steps to ensure that security is tightened and disasters are averted. Stay alert, and remember that people make mistakes. After all, they’re only human.
About Author: John Terra has been a freelance writer since 1985. As a computer operator in the 80’s, he made more than his share of mistakes.