Users are still the weakest link in the IT security strategy

Michael Morton, Solutions Architect at specialist managed IT security services company, Securicom

---

Cyber security threats are constantly evolving, but one remains the same – users. When asked whether users really are still the weakest link in companies’ cyber security defence strategy, Michael Morton, Solutions Architect at specialist managed IT security services company, Securicom, says: “Yes, yes and yes.”

He says data on the prowl is probably the biggest reason why users remain a persistent threat to IT security.

“Today, almost every employee in the average corporate has the ability to work on the move, using their devices of choice and generating and processing company data from wherever they are. This means company data is everywhere and companies are losing their grip on it.

“Mobile devices and tablets in particular present an array of threats for businesses. When employees use their own devices for work, and these are not secured or managed, they make for a perfect gateway for attack on company networks. Add to this the possibility that, with the capacity of these devices, an employee could copy the entire CRM or financial database and walk out of the door without anyone knowing, and you begin to understand the risk that the unsanctioned use of mobile devices poses to businesses. Users are plugging peripherals into computers that store critical business information without restriction.”

If you are wondering what the big deal is, ask yourself these questions:

• Is your company at risk of non-compliance with legislation by not securing company information?
• Could you face litigation if confidential information were to be exposed to unauthorised people?
• Can you afford the costs of containing the leak and legal expenses?
• Do you have important business information or trade secrets that you want to protect from outsiders?
• Do you want your customers’ information shared with a competitor?
• Do you want your financial information exposed?
• Do you want to protect your business, your employees and your customers against fraud?
• What impact would it have on your business if your business critical systems failed?

“You need to have control of your data. It is the lifeblood of your business,” stresses Morton.

He adds that users also unwittingly expose company networks and data when they use unauthorised apps from the Net, browse malicious Web sites, click on unsafe links in e-mails, respond to phishing e-mails, or dish out information on social media.

“These behaviours not only increase the risk of malware infiltrating the company network, but also the risk of fraud or identity theft,” says Morton.

He concludes: “Employee education is paramount and IT security should be elevated to be the concern and responsibility of every single person who has access to information technology within an organisation. In addition to effective security tools and ongoing monitoring, companies must ensure that their employees use the IT resources, the Internet and e-mail responsibly. They must understand the risks associated with e-mail, downloading files and applications from the Internet, accessing unsafe Web sites via spam messages, Internet browsing and giving out their personal details over the Net.

“Not even the most robust security technologies are 100% effective if user behaviour creates vulnerabilities. With most privileges comes an obligation. To enjoy the privilege of accessing and working with company data outside the office, employees must understand that they have an obligation to follow the organisation’s required security policy guidelines and use IT resources responsibly.”