Cybersecurity and the Human Element

October 16, 2020

Businesses invest in all kinds of technologies to prevent cybercriminals from breaching their systems. By implementing firewalls, antivirus, and endpoint protection, organizations hope to put a barrier between an attacker and company data. Even though these tools can be very effective when implemented correctly, there’s a catch. Cybercriminals often bypass perimeter security measures by focusing their efforts on one thing: humans.

That’s right; humans play a critical role in data breaches. Attackers look for human errors to exploit and use social engineering tactics like phishing to obtain sensitive information and credentials. Once a cybercriminal possesses stolen credentials, they will look for ways to move laterally throughout your network.

So how do you put a firewall around humans (figuratively, of course)? You need to establish strong cybersecurity policies and provide user awareness training. User training and awareness are so critical to cybersecurity that The Office of Compliance Inspections and Examinations (OCIE) identified them as key factors in its Cybersecurity and Resiliency Observations report.

Cybersecurity Policies

To prevent users from putting your business at risk, create robust cybersecurity policies.

Password Policies

Make sure your organization has password policies. Bad password habits make it easy for attackers to gain access to your systems. Two of the most common password problems are weak and reused passwords. Attackers often use automated systems to guess passwords. The weaker the password, the easier it is to guess. Require your users to have strong passwords that are long and complex.

Your policies should prohibit users from reusing passwords. Reusing passwords makes it easy for an attacker to gain access to multiple accounts. For example, let’s say a user has the same password for their online banking and business email. If their bank is breached, the attacker now has the information needed to access an email account at your business. From here, the attacker could impersonate the user, sending malicious emails throughout the company.

Lastly, your organization should create a standardized schedule for password resets. A standardized schedule improves security and keeps password policies top of mind for users.

Clear Desk Policy

Cybercriminals may use in-person tactics. Implementing a clear desk policy can prevent an attacker who visits your organization, an employee who’s an insider threat, or someone who wants to capitalize on an opportunity from stealing or leaking data. Require users to lock their computers when they are not at their desks. Any document containing personally identifiable information (PII), intellectual property, or sensitive information should be locked in a restricted storage area to prevent unauthorized access.

Security Awareness Training

Cyberattacks have become more sophisticated, making it difficult for users to tell the difference between cybercriminals and trustworthy sources. KnowBe4 reported that “1 out of 3 employees was likely to click on a suspicious link or email or obey a fraudulent request…” in their Phishing by Industry 2020 Benchmark Report. The good news is that this same report showed that users could substantially reduce their risky behaviors with phishing awareness training.

Human error often happens because users don’t understand the level of risk associated with their actions, and they are not familiar with the tactics used by cybercriminals. Comprehensive security awareness training should teach users how to identify attacker tactics and give them actionable steps to take if they notice something suspicious. Organizations should also consider phishing-specific awareness training, as phishing is one of the most common attack vectors.

Businesses should conduct user awareness training regularly. After users have completed awareness training, your organization should verify the effectiveness of that training. Conducting a phishing test will help you identify your organization’s risks and help you further develop your training.

Reducing Risk

Even a human with the best intentions can make a mistake. Unfortunately, no matter how innocent the error, it can lead to a breach. In addition to cybersecurity policies and user awareness training, implement tools to strengthen your access rights and controls, and monitor your network for suspicious activities.

Multi-factor Authentication

If an attacker obtains credentials to your business, having multi-factor authentication (MFA) implemented can prevent the attacker from accessing your network. With MFA, a user needs to enter another factor like a code via an app or text in addition to their username and password. So, an attacker would require a user’s cellphone and their credentials to log into their account.

Active Security Monitoring

Organizations can make the mistake of assuming that they have security monitoring when they only have performance monitoring. Security monitoring detects suspicious activities and security incidents on your network, while performance monitoring is only checking for functionality.

If a human error allows an attacker to access your network, security monitoring can help your security team detect the attacker’s activities. It can be difficult to identify an attacker’s behaviors when they are masked by a legitimate account. Implementing a security information and event management (SIEM) platform helps security analysts identify an attacker’s behavior by making correlations between activities across the network. SIEM platforms allow security teams to investigate a problem before it turns into a breach.
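As an added illustration (not part of the original article and not any vendor's rule), the sketch below shows the kind of correlation described above: each logon uses valid credentials and looks normal on its own, but a source address outside the account's baseline followed by access to several hosts in a short window stands out. The event format, the 30-minute window, the three-host threshold, and all account, host, and IP values are assumptions constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs): time, account, source IP, host, result.
EVENTS = """\
2020-10-12T09:01:10 alice 10.0.4.21 mail01 success
2020-10-13T09:03:44 alice 10.0.4.21 mail01 success
2020-10-14T08:57:40 bob 10.0.4.37 files01 failure
2020-10-14T08:58:02 bob 10.0.4.37 files01 success
2020-10-15T02:14:09 alice 203.0.113.50 vpn01 success
2020-10-15T02:16:30 alice 203.0.113.50 files01 success
2020-10-15T02:19:12 alice 203.0.113.50 hr-db01 success
2020-10-15T02:23:51 alice 203.0.113.50 fin-app01 success
2020-10-15T09:02:00 bob 10.0.4.37 files01 success
2020-10-15T09:05:00 bob 10.0.4.37 mail01 success
"""

WINDOW = timedelta(minutes=30)  # assumed correlation window
HOST_THRESHOLD = 3              # assumed: distinct hosts reached from a new source

def parse(text):
    for line in text.splitlines():
        ts, user, ip, host, result = line.split()
        yield datetime.fromisoformat(ts), user, ip, host, result

def correlate(text):
    """Alert when an account logs in from a source IP outside its baseline and
    then reaches HOST_THRESHOLD or more distinct hosts within WINDOW."""
    baseline = defaultdict(set)  # account -> source IPs treated as normal
    tracking = {}                # (account, ip) -> (first_seen, hosts reached)
    alerted, alerts = set(), []
    for ts, user, ip, host, result in sorted(parse(text)):
        if result != "success":
            continue             # failed logons are out of scope for this rule
        if not baseline[user]:
            baseline[user].add(ip)   # simplification: first source seen is the baseline
            continue
        if ip in baseline[user]:
            continue
        key = (user, ip)
        first, hosts = tracking.get(key, (ts, set()))
        if ts - first > WINDOW:      # window expired, start counting again
            first, hosts = ts, set()
        hosts.add(host)
        tracking[key] = (first, hosts)
        if len(hosts) >= HOST_THRESHOLD and key not in alerted:
            alerted.add(key)
            alerts.append({"account": user, "source": ip, "hosts": sorted(hosts)})
    return alerts
```

Calling `correlate(EVENTS)` yields a single alert for the `alice` account; a production rule would build the baseline from a longer history rather than the first source seen.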

Holistic Cybersecurity

At the end of the day, humans make mistakes. The truth is a data breach can happen even with the best technology and user training. Taking a holistic approach to cybersecurity is the best way to mitigate your risk. Coretelligent’s CoreArmor provides comprehensive security with user awareness and phishing training, real-time intrusion detection, and around-the-clock monitoring by our in-house Security Operations Center.

Call us at 855-841-5888 or contact us to learn how Coretelligent can help you improve your cybersecurity posture with CoreArmor.

by Jen Wallace