Your users can, and will, make or break your cyber security success


Everywhere we look at the moment we see stories of how hackers are upping their efforts during the Covid-19 climate. Interlinked with this spike in malicious attacks, however, is another stark risk that businesses need to be aware of: users.

With the seismic shift to remote and online working comes the challenge for employers to monitor their users' activity and ultimately protect their sensitive data. In recent years we have seen a surge of machine learning and artificial intelligence based tools designed specifically to monitor, and then alert on, unusual end user behavior. It is these types of tools that businesses are now becoming heavily reliant on to ensure the security and integrity of their data is not compromised by users.

When we talk about the risks that users represent to a business, we need to make a clear distinction between user error and malicious activity. Both are potentially catastrophic, but they require different approaches to prevent.

User error

User error is the bane of every tech team’s life: they spend days and weeks creating a multi-layered, robust security posture, only for a non-technical employee’s mistake to undo their efforts. There are many ways this can occur, from clicking a malicious link to sharing sensitive data outside of the organization, and user error represents a huge element of risk to a business’s overall security success.

Malicious or disgruntled users

With higher and higher numbers of people being furloughed or made redundant in the current climate, the risk of malicious activity from a user within your organization is higher than ever. There are many different statistics and percentages out there on this, but the bottom line is that in a vast majority of businesses far too many users have access to far too much data, and it only takes one of those users using that privilege against the business for a potentially severe incident to occur.

It is estimated that over a third of data breaches now involve internal actors, according to a report published by Verizon. Traditional approaches to mitigating the risk around data leaks have been focused around detecting when potentially sensitive data, and whilst employers have long been able to monitor emails and web activities for signs of external threats, there has been some traditional discomfort about the privacy implications of using such tools on staff.

The question, therefore, is how do we best mitigate these risks? At C>Ways, we would suggest a two-pronged approach.

First and foremost, eliminate as much user error as possible. There are a number of brilliant businesses, software products and strategies that we can leverage to achieve this.

Secondly, it is now essential for all businesses, whatever their size, to be able to quickly flag and interrogate the behavior of end users. A number of great tools are available that make employers aware of suspicious behavior without the need to turn their business into an Orwellian, 1984-esque set-up.

For any advice and assistance around eliminating the risks your users can pose to your business, reach out and we’ll be happy to assist.