Introduction

In this article I would like to discuss the fact that careless and uneducated computer users are a leading cause of breaches in information security. Simple controls and informing end users could greatly reduce the financial losses experienced by businesses and home users.

Discussion

In the past few years the number of viruses and worms on the internet has increased tremendously. Credit card fraud, identity theft, information breaches, and social engineering are occurring more and more every year. As information systems and computers continue to become more and more complex, the number of human errors increases.

Information security has primarily been thought of as securing hardware and software. But recently, statistics have shown that 80% of information breaches are caused by human factors such as inadequate information assurance knowledge, improper training, and failure to follow security procedures (Bean). These frequently overlooked threats often lead to costly financial losses for companies and even private computer users.

Many companies and organizations tend to focus primarily on technological controls while ignoring that human error can just as easily lead to breaches of information security. Technical solutions are a direct and very important approach to controlling security, but these solutions don't account for ignorance or omission on the part of the people that use the systems. While the administrators and technicians discuss security issues and concerns, these conversations do not educate the end users.

While studying Information and Computer Technologies in college, I worked with the student computer support center, performing tasks such as removing malicious software or troubleshooting network issues. After working there for several weeks I began to realize that most computer users don't even care about their security. They just want the computer to work, and when a virus gets to the point of corrupting their operating system and rendering it inoperable they finally seek help, only to return several weeks or even days later with the same problem. This attitude creates havoc for network administrators and encourages people that make viruses.

According to a survey conducted by AOL, there is a gap between users' perceptions and the prevalence of actual threats on the internet. This causes many home computer users to ignore typical security precautions such as anti-virus and firewall software, which threatens sensitive personal and financial information (Roberts).

Not only do private computer users deal with these problems, but businesses and corporations lose millions of dollars due to security breaches, and most of these are linked back to a human error that there was no technical defense in place to prevent. Regardless of all the money spent for physical and software security measures, most organizations are still vulnerable to some of the most basic security risks. In order to prevent these risks from happening we must first recognize the different types of human error and inform the users of the possible risks and how to avoid them.

Human Factors

Human errors can be made in several different ways.

- Carelessness
- Lack of computer knowledge
- Technical errors

Carelessness can be linked to many different causes of security breaches, such as when a user writes his or her password on a sticky note and leaves it on the keyboard, when a browser warns of a potentially harmful website and the user continues anyway without reading, or when an employee fails to follow proper security policies or procedures. In a survey conducted by Help Net Security, employee carelessness is rated as number 4 for the top 10 information security threats of 2010. Their survey stated the following: Careless and untrained insiders will continue to be a very serious threat to organizations in 2010. Insiders can be broken down into three categories: careless & untrained employees, employees that are duped or fall prey to social engineering type attacks, and malicious employees. Protecting a network and critical and sensitive data is done very differently for each type. Policies, procedures, training and a little technology can make a world of difference in reducing an organization's risk to careless insiders (Top 10 Information Security Threats for 2010).

Another factor contributing to user error is lack of common computer knowledge. Many computer users today only know the very basics of using a computer, such as writing documents, sending emails, and checking the weather online. These users don't even know that they are supposed to have anti-virus software installed or how or why to install updates. These users are the main target of malicious software programmers. This type of user omission can even lead to a computer being compromised and used to host the malicious software to other unprotected computers.

Not only do uneducated computer users cause errors, but sometimes even the programmers make mistakes in their code that can be exploited by hackers. These errors made by programmers are usually used by hackers to gain control of the affected application. These errors are usually found and patched, but again, what about that user that doesn't know to install security patches?

Application

There are many different ways that uneducated and irresponsible computer users may cause breaches of information, but what are some strategies that we could use to encourage end users to follow proper procedures to ensure data confidentiality and integrity? What are some ways we can inform and encourage people to learn more about security?

A past study conducted by the Computing Technology Industry Association (CompTIA) has shown that when a company trains one in every four IT employees in information assurance fundamentals, it is 20 percent less likely to encounter a security breach (Bean). This study shows that if a company spends a little more money on training employees it could save money in the long run. Companies can also keep their employees up to date and more involved with current security concerns.

As for personal computer users, drastic measures need to be taken to better inform and mold users into security-aware computer users. This should be the responsibility of the makers of the operating systems. They could possibly implement a "wizard" type process that will first question the user for current security knowledge. Once the user's level of knowledge is known, certain safeguards could be put into place. A simple training tool could also be implemented to spread user awareness.

If simple steps are taken to inform and educate end users, it could lead to a more secure internet for everyone. The human factors of information security should be a very important concern for all IT systems and viewed as equivalent to technical concerns.

Sources

Bean, Martin. "Human Error at the Center of IT Security Breaches." 04 February 2008. 01 April 2010.

Human Factors in Information Security. 22 February 2010. 04 April 2010.

Increase User Awareness to Bolster Security. 13 May 2005. 11 April 2010.

Roberts, Paul. AOL survey finds home user ignorant to online threats. 27 October 2004. 04 April 2010.

Top 10 Information Security Threats for 2010. 14 January 2010. 04 April 2010.