The Human Factor in Cybersecurity
By
FELIPE GONZALEZ
As long as we are not run or conquered by SkyNet or AI, and the human factor is
involved in maintaining or creating cyber infrastructure, there will always be room for
error. The effort and budget needed to maintain safe networks will only climb, because
cybercriminals are getting smarter and technologies keep evolving. One of the
disadvantages people believe we have is that criminals don't necessarily have a budget
to worry about, as companies do.
Not only might cybercriminals have the upper hand, but sometimes the
attacks come from within. As long as there is a human factor involved, there will always
be risk. All personnel need to understand the risks associated with threats and need to
know how to follow protocols if we are infiltrated. Implementing these guidelines will
minimize vulnerabilities in the workplace. Change is not easy, and many might not like it,
but we need to evolve and adapt as a whole to be able to fight any threats.
Every person is as important as the next. Cybercriminals don't care who you
really are; all they are looking for is a weakness and a vulnerability to gain access
through. As we all prepare for this journey in training, you are all going to be
prepared for anything.
Avoiding Human Error
1- New security awareness training and live fire exercise drills will be implemented and
supervised by a lead on a bimonthly basis. Cyber training must be completed as
scheduled, no exceptions.
2- Passwords for all logins will have a new standard and will have to be changed every
60 days.
3- All policies will be revised and updated.
4- Access control will be implemented: administrators will manage roles and users, and
need-to-know access restrictions will be applied. This will help identify personnel
better, control access, and control the access of personnel who are laid off.
5- Two-factor authentication and background checks will be implemented for personnel
needing access to sensitive information and financials.
6- A security guard will be added for access control.
7- No remote working on sensitive information will be permitted on personnel devices.
Cybersecurity
1- Inventory of all assets and asset management: this will help discover unauthorized
devices connected to our systems and will locate devices in the network.
2- Update all software, patches and firewalls on all assets: create a schedule for all
upcoming updates.
3- Implement network segmentation.
4- Check all physical systems, hardware and wiring to ensure that hardware and assets
are in good condition and not in need of replacement.
5- The IT department will be trained and will implement an incident response team that
will train and be responsible for handling any security incident in a timely and
effective manner.
6- No uploading of any apps, including AI, into the system is permitted without proper
authorization.
Conclusion
This will be the start of many changes to come. If we come together as a team, we
can protect ourselves from outsider and insider threats, and policing ourselves can
prevent us from inadvertently disclosing sensitive information. We must invest ourselves
in cybersecurity awareness, training and educating ourselves about common threats,
security protocols and best practices in the workplace.
We as a whole should be empowered to report suspicious activities; every single
one of you plays a vital role in maintaining a secure environment. By being vigilant and
supporting each other, we can protect one another and detect when someone is being
emotionally manipulated in an attempt to gain access and compromise our network security.