Your employees should be your strongest defense against data leaks and cybersecurity attacks. Unfortunately, they are often the weak link that enable hackers to penetrate IT systems. While cybercriminals use increasingly futuristic sophisticated hacking tools, including AI, they rely heavily on end users to provide the opportunity. A 2019 report by data security firm Shred-It found that 47% of C-level executives at companies, which suffered a data breach, cited “human-error” as the main cause. It’s not only Shred-It participants reporting this. According to Kaspersky Lab, 90% of corporate breaches come from exploiting humans.

A customer or end-user can enable a hacker by opening infected attachments, clicking on fraudulent links, being careless with passwords or by sending sensitive information to a criminal pretending to be a boss or co-worker. IT employees have been guilty of lax security practices as well, such as failing to change administrative passwords or update applications.

“User-based threats are the biggest threats right now,” said Matt Tabor, the director of product management for TierPoint, echoing the stat that 90% of all data leaks are caused by an end user mistake.

This all creates a huge hole in your cybersecurity plan. How can you tell the difference between an intruder and your employees? To understand this, we need to first understand how the attacks work:

Common attack schemes to exploit cybersecurity

In his recent webcast Identity & Access Management Best Practices, Tabor explained that attackers use different strategies for tricking end-users into giving out information or executing a malicious application. For instance:

Deceptive phishing

Deceptive phishing occurs when  users are directed to a malicious copy of a legitimate web site, such as the sign-in page for a bank or supplier.  The tactic is useful for capturing login information, accessing business data and, of course, stealing money.

Spear phishing

Spear phishing is when an attacker masquerades as an employee of an organization in order to convince other employees to take some action, such as provide a password, share sensitive customer data or even send money.  The attacker often uses information from social media or hacked emails to make themselves more believable. CXO fraud is a form of spear phishing in which an attacker assumes the identity of the CEO or other top executive. One example of CXO fraud, a cyber-criminal successfully convinced the CEO’s assistant to send him the list of employees and their W2 data. This kind of data can be worth a fortune on the Dark Web.

Publicly available data from Google and social media, combined with the huge volume of information for sale on the Dark Web (e.g. medical records, drivers’ licenses, subscriptions, financial records) makes it easy for hackers to effectively spoof an executive. Tabor also says that busy executives are often the laziest with their cyber-security practices and particularly susceptible to online fraud.

How do you protect yourself against this trickery?

Guidance on the right cybersecurity approach

To safeguard your systems from would-be hackers, Tabor recommends implementing security safeguards throughout your IT environment, not just at the firewall. Specifically, identity-based access to applications, mobile devices and cloud services not only provides security checkpoints but also offers a way to monitor access.

Also read: Are Mobile Devices a Threat to Your Network Security?

File-based encryption for identity-based access

For securing data and other content, Tabor advises using an enterprise encryption solution. Encryption provides identity-based access for individual files both inside and outside of the organization. Enterprise encryption software allows you to grant or revoke access to a file even if it’s already on an unauthorized user’s drive.  

Cybersecurity evaluation questions

Tabor also advised IT organizations to evaluate their cybersecurity based on the questions below. The more “yes” answers, the stronger your security.  

  • Do you know who is accessing your data? Identity-based authorization and access solutions can identify users and track usage. Multi-factor authentication that includes biometrics (fingerprints or facial recognition) and encryption solutions are ideal methods for controlling access.
  • Can you detect high-risk behaviors such as an usual download or atypical activity between two applications? Machine learning is making it possible to evaluate a login based on multiple criteria, such as the location or IP address of the login, time of day and type of activity. An employee working in Chicago shouldn’t be logging in from Nigeria. If an employee normally works in the morning and only occasionally downloads small files, then a large data transmission at midnight should trigger an alarm.  
  • Can you quickly identify and react to a breach? Does your IT security team provide monitoring and alerting if an abnormal behavior or unauthorized access is detected? Can it block a malicious transmission? Developments in machine learning and risk profiling make it possible to detect and react to potential breaches much more effectively, noted Tabor.
  • Do end-users like their online work environment? People are adept at avoiding burdensome restrictions and policies that make their jobs harder. Making your cybersecurity processes as seamless and user-friendly as possible--such as through single sign-on vs requiring multiple passwords-- is essential to user compliance.

Learn about helpful cybersecurity tools

Watch the full webcast Identity & Access Management Best Practices to learn more. In addition to discussing cybersecurity best practices, Tabor explained how to maximize security using the right IT productivity tools, like Microsoft’s Enterprise Mobility & Security (EMS) platform. EMS includes identity access management, threat protection, cloud access security broker and unified endpoint management.

Learn about TierPoint’s IT security management services, including compliance, DDoS mitigation, endpoint, encryption, next generation firewall and other security services or request a security assessment.

Strategic Guide to IT Security

Subscribe to the TierPoint blog We'll send you a link to new blog posts whenever we publish, usually once a week.