Contributed By

ComcastBusiness

Community Editorial Team

at Comcast Business

To Bolster Cybersecurity, Small Businesses Must Account for the “Human Element”

September 24, 2019

Careless workers are to blame for more than half of cybersecurity incidents. Users are often thought of as the weakest link in IT security, but they don't have to be. Learn how to turn your end users into your first line of defense through education and well-crafted policies.

When hackers succeed, it’s often because they target unsuspecting users. They know users are busy, trusting, or distracted, and as a result, let their guard down when a suspicious email lands in their inbox or they chance upon a sketchy-looking website. Most cybersecurity incidents involve some type of user activity, be it clicking an infected attachment, visiting a compromised website, making passwords too easy to crack, misconfiguring a system or even sharing a computing device.

Usually, activity resulting in cybersecurity breaches is not malicious. Often it’s just careless. A recent survey of 1,000 IT professionals shows that careless workers cause more than half (60%) of cybersecurity incidents. Examples of such breaches in recent years include:

  • Through social engineering, the credentials of an insurance company’s administrator were stolen to break into a database containing employee and customer data such as names, addresses, Social Security numbers, and income data.

  • Hackers broke into a bank’s servers after administrators forgot to implement two-step verification to access one of the bank’s systems.

  • Cybercriminals used a third-party vendor’s stolen username and password to break into a retailer’s systems and steal millions of credit card numbers.

Such incidents are the reason users are often referred to as the “weakest link” in IT security. But they don’t have to be. Instead, businesses can turn their employees into their first line of defense by educating them about cybersecurity threats, promoting safe computing practices and implementing well-crafted policies to protect data. A focus on the “human element” of cybersecurity is more than a good idea; it’s an absolute necessity to help prevent cyberattacks. It takes only one bad decision by one user for a ransomware infection or some other malware attack to disrupt your operations for hours or days.

Educate Your Team

Education is key to addressing the human element of cybersecurity. Raising user awareness of cyber dangers should be a priority for all businesses. Cybersecurity training is most effective as an ongoing effort, ideally combining in-person sessions, online courses, and awareness campaigns with email reminders and posters.

Topics to cover should include the following:

  • Identify and avoid suspicious emails. This will help users avoid phishing attempts with URLs or attachments programmed to download malware into your network.

  • Set and enforce strong password policies. Teach users to come up with strong passwords or passphrases, enforce policies to change passwords frequently and prohibit password sharing.

  • Set browsers to warn users when visiting a site that has been flagged as containing malware.

  • Block downloads from suspicious or unsanctioned sources.

  • Prohibit users from sharing company-owned laptops and mobile devices.

  • Teach users not to access sensitive company data through public WiFi networks.

Enact Common Sense Policies

Technology alone cannot guarantee the security of a company’s data. User education must be supported by common sense policies. If you train users and do nothing to enforce security rules, chances are users will fall back on bad habits that can lead to a breach.

Security policies are multidimensional. Password policies are a good starting point, but businesses also need to address who gets access to which systems. Employees should be granted permissions only to those systems they need to do their jobs. Businesses also need rules on whether employees are allowed to use their own mobile devices at work (BYOD). If so, those devices need to be monitored, secured with endpoint protection, encryption and — in case of loss or theft — wipe capability. Mobile devices also should be containerized to keep company data separate from personal files. When employees leave the company, take immediate steps to disable access to company systems, make sure all company-owned devices are returned, disable the employee’s email address, and change passwords to sensitive company assets for which the employee had privileges. All of these steps seem obvious, but businesses often neglect them.

Set a Strategy

End users are often the weak points that enable cybersecurity breaches, but educating your people is only part of the battle. Understanding the threats and what cybercriminals are after is essential to building strong cybersecurity defenses. If you know your enemies, you have a better chance to defeat them. In addition to user education, here are some other essential components of a comprehensive cybersecurity strategy that will grow with you:

Implement advanced tools: Businesses need tools that deliver endpoint protection, scan for breaches, secure the network through firewalls and other methods, and perform threat analysis to keep their data safe. Cloud-based platforms that address multiple security layers typically are the easiest, most affordable path to cybersecurity for small businesses.

Invest in expertise: It’s hard to have a full grasp of cybersecurity without expert help. For smaller companies, working with a managed security services provider (MSSP) is the best bet, though even businesses with in-house experts can benefit from tapping a provider.

Secure mobile devices: As computing becomes more mobile and cloud-based, companies must include mobile devices in their security strategies or risk leaving a door open to cyberattackers.

To effectively ward off the ever-changing raft of security threats, you need a comprehensive strategy that unites user education, common-sense policies, and a robust protective technology layer.

To protect against costly malware, ransomware, and bots, small businesses need to implement 360-degree cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively protect all devices connected to your network. Learn how Comcast Business’ cloud-based network security solution SecurityEdge can help.
