CyberSecurity/Data

5 ways to tackle the insider threat of human error

Data Joe Curtis

18:04, April 30 2014

image

How to protect against social engineering hackers.

No matter how many security policies and procedures you adopt, human error is the one issue you can never fully protect your company from.

Hackers love social engineering, luring employees to click on a tantalising link that lets cyber criminals dumps a load of malware on your network. At other times, hey - people are just stupid. They leave their tablets on the train, they drop their phone in the pub, with company emails about the latest strategy on it.

At a roundtable earlier this month, CBR heard from Dell, managed IT firm Colt and migration specialist Intragen on ways to protect against the insider threat.

A Dell-sponsored survey revealed that user error was claimed to be the root cause of a breach by 26% of UK respondents in the last 12 months.

Losing critical business data was a worry for 54% of respondents, while 35% feared the danger of data leaving the corporate network via a neglectful employee's mobile device.

Director of Dell Software for north Europe, Chris Miller, said: "This is quite concerning. Employees are a top three business security concern."

But how can you protect against human error? Well, here's five ways to do it.

Break down security silos

It's important to have one solution that encompasses everything, or at least solutions that can be integrated so you have one view of your network security, rather than many.

Miller says: "We tend to think about connected security. It's a way of bringing together lots of different areas. So at the firewall level, security around policies and provisioning; we want to bring them together in a connected way rather than having a huge framework of solutions."

Contain it!

Literally. Use containerisation technology for anyone using mobile devices to ensure that their corporate data and personal data are kept separate. This way, if their device is lost or stolen or the employee leaves the company, you can remotely wipe the device of any business information.

Comments

Post a comment

Comments may be moderated for spam, obscenities or defamation.