Employees may be weak link in online security strategies

Online security has emerged as a top concern for corporate IT teams, and for good reason. But before looking to advanced technology to deliver a solution, it may be wiser to target lingering problems caused by the habits of their colleagues.

"In today's information security environment, there can be little doubt that the human element is the weakest link," explained CRN contributor Jeff Schmidt in his latest report. "Recent high-profile security compromises, including the RSA breach, started with targeted phishing - underscoring the vulnerability of human interaction in the cybersecurity chain."

While raising awareness of online security best practices is important, it rarely inspires lasting organizational change. Instead, Schmidt recommends taking concrete action, including behavioral research and procedural auditing. By highlighting gaps between policy and practice, IT managers could know, for example, whether implementing password manager software or a mandatory data backup schedule is a more pressing concern.

Aside from careless employee behavior, companies must also be aware of the possibility for malevolent insider hacking. According to eWeek, anything from trade secrets to financial reporting data could be at risk if administrators do not exercise the proper grade of access governance and monitoring.