Why People Are the Biggest Threat Surface in Your Business (And What You Can Do About It)

If you’re like most IT professionals, you’ve probably taken extensive measures to secure your network appliances and applications in order to minimize the attack surface. There’s just one problem: your infrastructure isn’t the biggest threat to your business data. You are.

“The weakest link in any security chain is people – human nature dictates that we’re fallible,” explains James McDowell, Director of Services at security service provider Encription, recently acquired by BlackBerry. “We recently did an exercise to see how people responded to phishing attempts. Out of the 100 people who received our fake scam, we got 55 responses.”

In the webinar Is Your Corporate Data Secure? What About Your People?, McDowell explains how, as the consumerization of IT continues to empower employees, their capacity to compromise sensitive information increases exponentially. And it isn’t just your own employees who can compromise you, either.

The Enduring Threat of Third Parties

It’s an easy thing to forget. Your business partners and contractors are just as much a part of your business’s threat surface as your own employees. A negligent vendor can provide a criminal with access as surely as anyone else can.

“I remember a few years back, I worked with a company that was very dedicated to security and that tested their systems regularly,” McDowell explains. “On the face of it, they were very secure. However, over a period of time, hackers monitoring traffic coming into and out of the business discovered that employees frequently ordered from a Chinese takeaway a mile down the road.”

Because the restaurant owners hadn’t taken the necessary measures to secure their own infrastructure, hackers were able to infect their website and use it as a jumping-off point for the real target.

“The real problem is tied to the advantage hackers have over us as people and companies,” he continues. “A hacker sitting in a room for three months will eventually break a system. We have jobs, lives, and priorities – we can’t afford to sit around for hours a day trying to figure out how we might be attacked; instead, we need to make security a part of our day-to-day processes, building it into our networks, systems, and people.”

Empowering Employee Security Through Encription

In addition to hardening your infrastructure against intrusion, you need to educate your employees on security. The more someone knows about securing their own devices, the less likely they are to be involved in a data leak. And the more they know about the identifiers of a scam, the less likely they are to fall prey to one.

That’s where Encription comes in.

Encription’s services go beyond standard penetration testing. Their specialists also evaluate the human element of a business. How susceptible are your employees to phishing scams? How easily can an attacker gain physical access to a restricted area of your office? How much damage can a negligent IT professional cause?

Once an organization’s blind spots have been identified, Encription can set to work training your employees for better security awareness.

BlackBerry + Encription = Security

Educated people still make mistakes. That’s why you need a solution that ensures you’re protected even if employees neglect their training. Fortunately, BlackBerry’s recent acquisition of Encription means implementing such a failsafe has never been simpler; Encription’s clients have access to BlackBerry’s entire portfolio, including tools like SharePoint Protector.

“BlackBerry IS security,” says McDowell. “We’ve positioned ourselves with a like-minded company that shares our belief in security on a holistic basis. They aren’t just a partner – they use our services to test their own systems for vulnerabilities, as well.”

“And if BlackBerry has confidence in our abilities,” he continues, “that’s a very good sign.”

You can access an archived version of the presentation here. Other topics addressed in the webinar include:

  • The elements of a proper penetration test
  • Addressing the other security threats facing enterprises – insecure apps, malware, etc.
  • More details on Encription/BlackBerry’s partnership
  • Encription’s current plans and roadmap
  • The certifications that are essential in a vendor
  • The role the Internet of Things plays in data security

About Nicholas C. Greene

Nicholas C. Greene is a technology writer based in Calgary, Canada. An English graduate of the University of Calgary, he's written for publications and organizations such as VPN Haus, Streetwise, Northcutt, and The Coolist.
