Modern-day encryption is surprisingly effective. Take the gold standard: AES 256-bit encryption. It’s military-grade, trusted by governments and top security professionals worldwide. The encryption keys use so many number combinations that it’s virtually brute-force proof.
In theory, someone might be able to crack it if they invented a supercomputer or software that doesn’t currently exist. And if they had years to work on it. But that’s unlikely today, which is why most hackers don’t even bother. They can take down older, less-secure encryption algorithms. However, they wouldn’t even waste their time because they know all about the odds.
Plus, there’s a much easier technique. There’s another alternative that makes sidestepping these airtight encryptions a breeze. It’s people. Especially, your coworkers and employees. Here’s why and how to protect yourselves.
Why people are the best target for hackers
Encryption methods are getting stronger. Advanced security measures like two-factor authentication are making it harder and harder for hackers to get what they want. And yet, cyber crime isn’t going anywhere. In fact, it’s only getting worse. How can that be?
Ninety percent of workplace attacks start with stolen employee information, according to one study. The scary thing is that there are a reported 60,000 daily hacks, too. And fraud instances can happen up to 50 percent of the time, with each costing at least $114,000 to fix.
People aren’t knowingly careless or negligent. However, there are bad habits or common mistakes that crop up. And they give hackers that tiny little opening they were praying for. Most of us are guilty of these from time to time as well.
For example, how many of us use third-party software to hold information? I know I do. Maybe you use a personal email account to send company information. Maybe you use Google Drive or Dropbox to move work files, so you can access them at home. Whatever the case, these often fall outside of a company's safeguards and security.
Another similar example includes using work tools inappropriately. That could mean sharing passwords with colleagues, so they can get around IT hold-ups and get you what’s needed by the end of the day. This problem extends to giving people too much access to things they don’t need. There’s always another “special request” for someone, somewhere, to gain access to something that they’ll rarely, if ever, need.
That’s especially true in today’s remote working culture. VPNs have been used by businesses for decades for this very reason. They provide a safe, secure way for people to be able to log in from anywhere at any time. Microsoft’s PPTP VPN protocol, for example, is still popular for this very reason. The problem is that it’s outdated and can be easily hacked if given enough time. So, you might think you’re secure or that employees will be covered – but they might not be.
Thankfully, you’re not completely defenseless. There are a few things you can do to help fix the issue. Here are some of the top recommended fixes.
How to help safeguard your employees
Digital access is a double-edged sword. You see how easy it is for anyone, anywhere, to potentially gain access to your secure network. However, if managed properly, it can be a good thing, too. For example, you should be able to see a complete record of everyone that comes in or out. You should be able to track all documents or other pieces of information that flow through the door.
There should obviously also be policies in place to dictate the inevitable. Your people will want to use Dropbox at some point. They might email themselves information to bring it up on another device later. So, how can you either (a) help them do this more securely or (b) provide another alternative to help them bypass the risks typically associated with this?
There are significant risks with popular file sharing apps. But most employees are more focused on getting work done on time than on potential security leaks. They won’t hesitate to move files in the cloud if it helps them accomplish that goal.
Most companies underinvest in cyber security. And as we’ve seen, it’s not always a technology reason but more a behavioral or cultural one. There are ready-made solutions out there. Simple, inexpensive software like LastPass or 1Password can help reinforce better security habits. They can limit the potential for simple copy-and-pasting mistakes to happen, like the time an employee for a government contractor accidentally posted sensitive passwords online.
There should also be a clear, obvious line drawn between which data is absolutely confidential and which isn’t. Employees need to immediately understand how to treat each to limit the potential downside. They don’t want to see anything bad happen. They don’t want to purposefully expose sensitive information. However, without the proper knowledge, training, and processes, they also won’t hesitate to find more convenient workarounds when they’re under pressure to hit tight timelines.
About the Author: John Mason is a Cyber Security/Privacy enthusiast working as an analyst for TheBestVPN.com. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.