Dec 07 2018
Security

3 Ways to Solve the People Problem in Cybersecurity

Your organization is only as strong as the weakest link — don’t let employees go untrained and systems unprotected.
by

Karen J. Bannan is a freelance writer and editor who has written for a variety of publications including The New York Times, The Wall Street Journal, Time and CIO.

The IT department can lock down anything it wants, but all it takes is one careless human to cause a destructive breach. In a mobile society where everything is connected, human beings are truly the Achilles’ heel of security, explains one expert, and it’s one that needs a little more focus.

“There hasn’t been a lot of accountability of users,” says Garrett Bekker, a principal security analyst at 451 Research. “If they do something bad, there are no consequences, so people don’t take security as seriously as they should.”

What can companies do to solve for the human aspect of cybersecurity? Here are three steps companies can take to shore up their weakest links.

MORE FROM BIZTECH: Monitoring, malware protection and more build better business defenses.

1. Get Out of the Password Business

Between social engineering and just plain carelessness, employees and customers get into a lot of trouble clicking on links and sharing passwords. Kyle Randolph, Optimizely’s senior director of security, privacy and compliance, says it’s up to IT to remove the risk with single sign-on solutions.

2. Make Security Training Part of the Business

Granite Properties conducts security training for everyone who touches its infrastructure, including the 40 percent of its users who are contractors.

“Even if someone is locked down and can only get to a few things, you’ve got to make sure those people understand security and what phishing is, for example. It’s important to create a culture of security throughout an organization,” says Clint Osteen, senior director of IT.

3. Give Users the Security Tools They Need

While the cloud can be extremely useful, cloud applications can open potential security holes, says 451 Research’s Bekker. “We all know about shadow IT. If a user doesn’t like what you’re offering, that user will go find a free app. While it might be helpful, it can also be risky,” he says.

He suggests asking users about their needs and what they are using now so IT can find options that have been vetted for security.

Cybersecurity-report_EasyTarget.jpg

shapecharge/Getty Images

More On

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now