Introduction
Human error is the biggest threat to IT security according to Robinson (2008). Robinson goes on to say that employees remain the weakest link with regard to safeguarding an organization’s data. Human error is seen as the number one reason for network security failures, according to a survey by AlgoSec (2011).
The Threat
Despite the common public view that the most risk to corporate data security comes from the external hacker breaking in and taking sensitive data, Robinson (2008) reports that 86 percent of IT directors think the biggest threat comes from within because their colleagues are not adhering to security policies. These security threats have been so successful mainly because the majority of company employees have no idea how these modern network security attacks function despite being regular Internet users themselves. Many individuals only have a vague idea that these threats even exist.
However, educating staff to never open an email attachment that they weren't anticipating, regardless of who the sender is, will be unable to stop worms from infecting organisations networks. This is because even though worms are often originally delivered via email, an attachment is not needed for an email to be infected and unlike viruses; worms can spread on their own.
One way for organisations to protect their networks from spam email is to insist that employees use separate accounts for their personal Internet use, and stipulate that company accounts are not be used to sign up for any offers or other online service.
Packet sniffers can also be a serious issue but if organisations educated employees so they are aware of the actions and consequences of packet sniffers and instruct them to never access the Internet via an unsecured connection, organisations are less likely to become a casualty of this hacking method.
Strong policies for password management including requiring passwords with a mixture of uppercase and lowercase letters plus numbers should be enforced, in order to counteract any password deciphering. Passwords should never be a word, this is because programs exist that can automatically try millions of permutations in order to break a password.
Conclusion
Unintentional human mistakes are seen as a main reason behind many network security issues and these threats can take many forms. In order to prevent such attacks, organisation should implement strong usage and privacy policies for their employees to follow and ensure that these policies are monitored and enforced.
References
AlgoSec. (2011). Human error primary reason for network security outages. Retrieved from http://www.infosecurity-us.com/view/18075/human-error-primary-reason-for-network-security-outages
Robinson, J.J. (2008). Human error is the greatest IT security threat. Retrieved from http://www.information-age.com/home/information-age-today/816227/human-error-is-the-greatest-it-security-threat.thtml
