Humans: The Weakest Link

“Employees are at the root of most cyber breaches,” said Judy Selby, a partner at BakerHostetler LLP, while moderating the panel The Weakest Link: Employee Practices Around Cybersecurity, according to a recent Forbes article.

The panel, The Weakest Link: Employee Practices Around Cybersecurity, was held at Legaltech in early February. Participants included Gamelah Palagonia, founder of Privacy Professionals; Amy DeCesare, AVP, Litigation Management, Allied World; and Xenia Ley Parker, principal of XLP Associates.

Employee behavior, often human error, is the cause of cyber breaches more often than not. Whether it’s by accident or an intentional act by a disgruntled staffer, people are often the reason cybersecurity attacks get through.

So what’s to be done?

  • Ensure all devices are password-protected. It sounds basic but it’s the bare minimum step everyone should be taking.
  • Create auto backups and store them separately to the originals.
  • Be careful with suspicious emails.
  • Use a protected browser.

Here are five tips to protect your firm straight from the Forbes article (link below):

  1. Strengthen passcodes: The longer the passcode, the harder it is to break. To make passwords easy to create, use a phrase such as “I love eating cherry pie” and then substitute numbers for some of the letters, use both upper and lower case and add a symbol to create a password that looks like “1LoveEatingCh3rryPie!”. Passwords longer than 20 characters are best and should be changed every 30 days.
  2. Manage email: Emails are an important source for discovery in litigation. To mitigate risk, create and follow a policy to auto delete emails on a pre-established timetable. Don’t store files in email. Don’t send work home to your personal, unencrypted email accounts on your personal computer where it can be accessed by your family.
  3. Beware phishing emails: Trust, but verify. Do not click on any link within an email. Create employee policies that include specific consequences for employees who repeatedly click on links and introduce malware into the organization.
  4. Limit the use of removable media: Many firms disable the USB port. Provide your employees with encrypted devices to use.
  5. Control Use of Web Based Applications for Business Purposes: Use technology to block access to certain websites, such as file sharing sites like Box or DropBox. Create Social Media Employee policies that are reinforced with technology that controls access to various features. Remember: Social media users consider themselves part of a tribe and are more likely to click on links from a “friend” or “follower”.


For more information, see the original article here: