Your Biggest Security Threats are Convenience and Ignorance
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 14 Jul 2014 19:31:00 -0600
Data breaches are problems that don’t just affect the largest firms out
there. A quick look at our recent infographic The Crippling Cost of Data
Loss reveals a lot about data breaches. For instance, businesses lost an
average of $3 million in the US due to lost business as a result of
data breaches in 2013.
You’d think most of these breaches were the result of some sort of attack—a
hacker or group of hackers trying to break in and find anything they can.
Interestingly enough, 55 percent of security breaches were caused by human
error, which is something we’re all familiar with.
One can speculate as to why human error is a key piece of so many security
breaches, but the fact is that these errors are likely the result of one
(or both) of two things: a need for convenience, or simple ignorance.
We constantly trade security for convenience. We’re all guilty of having
written down a password on a sticky note. We’ve all likely allowed our web
browser to remember our passwords for us, or perhaps we signed up for a
password manager that does it all for us, but the best example of choosing
convenience over security is our smartphones.
How many people do you know who have a password on their phone? It keeps things
secure, but man, what a pain!
I hate typing in my short pin each time I open my phone, but I know that if
I don’t lock up my phone and I lose it, someone will have far too much
access to my personal information. Someone could even order things through
my accounts, and might even be able to find a credit card I’ve got on file
somewhere, all because I didn’t have a password.
Now when you’re talking about business, the concept gets even stickier. I
don’t know a single person who hasn’t at one time or another felt like
there’s a constant battle between workers who need to get things done and
IT admins whose job is to keep security threats at bay.
I’ve encountered the problem myself, and while I certainly feel security is
important, I also need to do my job efficiently. When security gets in the
way, people get frustrated.
Firewalls could be blocking a site that would help employees complete a
certain task, or perhaps certain security protocols won’t let them use a
time-saving WordPress plugin. Security can slow things down in a variety
of ways, but it’s essential, especially with data like Verizon’s reporting
that businesses confirmed over 1300 data breaches in their organizations in
2013—a clear reminder that data breaches are a problem.
The best IT providers won’t compromise much on security because if the
wrong threat gets in, a business could end up in next year’s report.
I had a math professor who was fond of calling his students ignorant. He
was tired of the frequent misuse of the word he’d heard on campus, so he
aimed to take it back to its actual meaning. Put simply, an ignorant person
is someone who doesn’t know something. We’re all ignorant (some more than
others), but the fault isn’t always our own, and that’s useful to think
about when you’re ready to bash an employee’s head for clicking an infected
A lot of computer users just don’t really think about security measures,
and plenty never have the thought of security even pop into their head.
They’re on the path of convenience and they likely don’t know what sort of
problems they can cause by not being judicious about security. Really,
though, they don’t have to continue being ignorant—you can do something to
Rather than get frustrated by user error, you can accept it and work toward
remedying it by educating users. There are a variety of simple ways to do
so, and IT admins are in a great position to help users understand more
about the technology they rely on, especially from a security perspective.
Locking systems down is one way to keep things secure, but that gets in the
way of the convenience that lets employees get things done efficiently.
Whether you’re emailing users tech tips, providing them with useful
articles, scheduling quarterly security sessions, or whatever, you can give
them a better understanding of security. With some luck, this will allow
you to loosen tight security restraints and find a happy balance that keeps
systems both protected and open.
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
sales () riskbasedsecurity com
Risk Based Security (http://www.riskbasedsecurity.com/)