Sunday, January 31, 2021

When it comes to Cybersecurity, humans are the weakest link

Cyber-Sec_rity isn't complete without U
In my day job, I keep watch over my company’s computer systems, not only making sure everything is working correctly, but also making sure no one’s accessing them who shouldn’t be.

It may sound like a simple task, but with over 6,000 employees scattered across 70-plus offices in 10 states, it’s not as easy as it sounds. Especially the cybersecurity aspect of it.

Yes, we have firewalls and other gadgets and software watching our systems so I’m not the only guard at the virtual castle gate telling every visitor: “Halt! Who goes there?”  But as 2020 showed us in perhaps the most dramatic way possible, our collective workplaces are no longer a physical place that can be defended by virtual fortifications. 

Nor are they even like the Iron Ring of castles that King Edward I of England built to subdue Wales back in medieval times.

In 2021, the workplace can be anywhere and it can change not only from day-to-day, but even hour-to-hour. The old way of constructing permanent, impenetrable walls around our workplace computer systems is about as useful as Edward’s quaint old castles against a modern army using artillery firing high-explosive rounds.

The key to cybersecurity these days is to protect the data no matter where it is.  So instead of focusing on building bigger and better walls, we should instead concentrate on protecting the messengers who carry the king’s missives between his castles and cities.

IT folks like me are already doing this, but the more I learn about how to protect these messengers from the brigands and bandits who lie in wait in the dark alleys off the information superhighway, the more I realize that just throwing more technology at the problem is NOT the answer. In my opinion, it may actually make matters worse.

Adding complexity to any system means there are more things that can go wrong, and as we’ve learned time and again, hackers are adept at exploiting the tiniest of flaws they find in any system. Adding complexity also makes it harder for regular folks to use and understand it. Human nature being what it is, people will then try to find a “quicker and easier” way to get their work done, often bypassing the thing that’s meant to keep them safe.

And that’s really the biggest challenge in Cybersecurity these days.

The weakest link has always been – and always will be – the human element.

The average person does not know (or really care) about how technology works. Most only want to know which buttons to press to get a particular task done. The rest to them is magic.

And therein lies the problem. 

IT professionals like me need to help demystify technology and help regular folks understand how the devices they have come to rely on work. I’m not saying the average Joe needs to know how to debug a kernel panic, install an operating system or even swap out a memory module before using a cell phone, sending a text message or ordering pizza or toilet paper online. However, they should be taught how to apply the same basic safety tips and skepticism they use in the real world to the virtual one so they can keep themselves safe.

I know this seems rather obvious, but then again, so does driving a car. The gas pedal makes it go, the brake pedal makes it stop and the steering wheel lets you make turns. 

Every kid knows this. 

Yet we’d never give car keys to a teenager on their 16th birthday and let them figure out the rest on their own. Instead, we make them learn the rules of the road from a (hopefully) more experienced driver.

And that’s what I want to do over the next 12 months with a majority of my blog posts. I want to help folks learn how to detect possible scams and view every online transaction with the same degree of suspicion they’d have if someone claiming to know them came up to them on the street and asked them for their house or car keys. 

I’m hoping this can be an open and interactive discussion, so please feel free to ask any questions, no matter how basic they seem, in the comments below and I’ll do my best to answer them for you either in the comments or in next month’s post.