Don’t Blame the Human


Humans are often thought of as the weakest link in the cybersecurity chain. End-user training and education are crucial to help condition users to recognize the dangers that lurk in the digital world. Physical restraints should also be put in place to help prevent human error. These should include:

  • MFA and password complexity. Accounts with access to critical data should have some form of MFA in place. All accounts should use passwords of at least 15 characters that also meet complexity requirements.
  • Account holders should only have access to what they need to perform their jobs: practice the principle of least privilege.
  • Use firewall rules to control traffic entering and leaving the network.
  • Shut off unused services on servers.
  • Enable VPN access for those who need to access network resources.
  • Take control of security patches by enabling an automated process.
  • Use an endpoint detection and response (EDR) solution.

There needs to be a balance between physical mitigation strategies and user education. There is no silver bullet for combating all the cyber risks that organizations will face, which is why a layered approach is always recommended. Although an ongoing cybersecurity awareness program is crucial to the security of an organization, security fatigue can develop. When staff feel bombarded with rules, trainings, policies and procedures, it is exhausting. This can undermine the strategies being put into use, so it is important to recognize it and consider some of these options:
  • Change up the way you present security awareness education. Try using contests and games. Keep the training sessions short. Make them relatable. Use real-world examples.
  • When enforcing login security with MFA, consider least-effort solutions: password managers, biometrics or tokens.
  • Pay attention to, and invite, feedback from users about security concerns.
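
As an added example (not part of the original post), the script below turns three of the controls listed above (MFA for accounts with critical access, 15-character complex passwords, and least privilege) into a compliance check over a constructed account inventory. The `ROLE_NEEDS` map, the three-of-four-character-class definition of "complexity", and all account values are assumptions made for the illustration.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Hypothetical role-to-permission map: what each job actually needs (assumption).
ROLE_NEEDS = {"analyst": {"read_reports"}, "dba": {"read_reports", "db_admin"}}

@dataclass
class Account:
    name: str
    role: str
    password: str  # constructed sample only; real audits check policy, never plaintext
    mfa_enabled: bool
    critical_access: bool
    permissions: set = field(default_factory=set)

def password_complex(pw: str) -> bool:
    """15+ characters and (assumed definition of complexity) three of four classes."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^a-zA-Z0-9]"]
    return len(pw) >= 15 and sum(bool(re.search(c, pw)) for c in classes) >= 3

def audit(account: Account) -> list[str]:
    """Return policy findings for one account; an empty list means compliant."""
    findings = []
    if account.critical_access and not account.mfa_enabled:
        findings.append("critical access without MFA")
    if not password_complex(account.password):
        findings.append("password below 15-char/complexity policy")
    excess = account.permissions - ROLE_NEEDS.get(account.role, set())
    if excess:
        findings.append("exceeds least privilege: " + ", ".join(sorted(excess)))
    return findings

def audit_all(accounts: list[Account]) -> dict[str, list[str]]:
    return {a.name: audit(a) for a in accounts}

# Constructed sample inventory (not real accounts).
SAMPLE_ACCOUNTS = [
    Account("alice", "analyst", "Tr0ub4dor&3-horse!", True, True, {"read_reports"}),
    Account("bob", "dba", "password123", False, True, {"read_reports", "db_admin", "domain_admin"}),
    Account("carol", "analyst", "Long-Enough-Passphrase-2024", True, False, {"read_reports", "db_admin"}),
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ACCOUNTS).items():
        print(name, findings or ["compliant"])
```

Running it reports "bob" as failing all three checks and "carol" as over-privileged for an analyst, the kind of finding that points at a missing control rather than at the user.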

If physical constraints are not put in place, you leave the end user exposed as the weakest link. Creating a culture where everyone understands the risks and why these mitigations are necessary will help everyone stay safe when using digital resources.