close

Cyber Security’s Weakest Link Is Still Human Beings

     The internet has been around so long that it is easy to fall for the mistaken notion that we should have security nailed down by now. Just like in the analog world, crime in the cyber world will not ever go away. Society will have to forever be on its toes to stay one step ahead of the thieves. In so doing, we need to continue focusing on cyber security’s weakest link: human beings.

    BenefitMall, a Dallas-based general agency whose business is primarily employee benefits, has been encouraging their brokers to embrace digital transformation. In a recent blog post discussing digital transformation, they dug into the importance of maintaining secure data transmission in a digital world.

    One of the points of that post is that cyber thieves are more interested in identities than networks. In other words, the IT sector has done a fantastic job securing the networks on which the internet runs. One thing they haven’t been able to do anything about is the human element. So rather than trying to break into networks, cyber criminals put their efforts into stealing identities that will get them into networks without hacking.

    The Art of Phishing

    One of the easiest and most effective ways to steal a person’s identity is through practice known as phishing. Cyber thieves continue to make their phishing activities ever more sophisticated, making them hard to detect if you are not paying attention. In a nutshell, phishing is all about getting unsuspecting victims to voluntarily give your personal information via email and scam websites.

    A typical phishing scam involves sending an email that looks like it’s coming from a legitimate company. Outside of the workplace, a consumer might receive an email purported to be from a well-known company – like Amazon, perhaps. Inside the workplace, hackers send emails to employees; emails disguised to look like messages from company executives, HR, etc.

    In nearly every case, victims are instructed to click a link in the email. When the web page comes up on their browsers, they are instructed to fill in pertinent information. It could be account information – like usernames, password, and answers to security questions. It could also be personally identifiable information like name, address, and social security number.

    Suspicion Is a Good Thing

    A lot of us are the types of people who don’t want to spend our lives being suspicious of others. But when it comes to online activity, suspicion is a good thing.

    BenefitMall encourages their brokers to establish email policies they can pass on to their clients. Those policies would help clients recognize the difference between a legitimate and illegitimate email purportedly coming from their brokers. The underlying goal of such a policy is to encourage clients to be suspicious.

    Although such policies are good idea across the board, they are especially important in the arena of workplace benefits. Why? For tax purposes, employers and benefits brokers need to keep meticulous records that include all the personally identify information a thief would need to completely steal someone’s identity. Much of that information flies back and forth during the open enrollment period. If it is not kept secure, hackers could have a field day.

    Evil men and women sitting behind computer terminals hacking away to break into a network make for good Hollywood action. In reality, there is an easier way for them to get what they want. They go after the weakest link in cyber security: human beings. We are often our own worst enemies in keeping our data secure. Needless to say that a little diligence would go a long way.