WebRTC Expert Feature

October 11, 2019

Humans - The Weakest Link in Any Security System




For the entire history of humans we have been developing systems to protect our property from others. The Egyptians built the pyramids, many European civilisations built castles, humans the world over invented safes, vaults, doors, locks, CCTV, and alarm systems. However, no security system has ever been completely impenetrable. The main reason for this is less about flaws in the design (although these exist) and more about the humans involved in using the security systems. 

A person who left a door unlocked, wrote down the code to a safe, let down the drawbridge to a castle, or wasn’t monitoring the CCTV creates a weak link in the security. Security is only ever as good as its weakest link, as an unsavoury person is going to find the easiest way to break in. Unfortunately, as more of our lives are being connected to the digital world, the security of these systems remains patchy, and the biggest risk is still the humans using them.

Passwords

Passwords are one of the most primitive parts of data security. They unlock user accounts, computers, banks and other systems by having the user type a string of letters, numbers and symbols that (in theory) only they should know. As computers have become more powerful, nefarious people have been able to develop computer systems that can make hundreds of guesses every second, meaning shorter passwords made up of only letters are much easier to hack. 

Therefore, security professionals have begun requiring users to have passwords that are longer and contain a mix of different characters. However, this makes the passwords more complicated, and more difficult to remember. To help them remember, users often write them down on Post-it notes and leave them on their desks. This means that anyone with physical access to the workstation is able to break in. One recommended solution to this is a password manager like LastPass, which generates unique passwords for each user account so that the user only needs to remember one.

Two Factor Security

To combat the inherent weakness in passwords, security experts developed two factor security systems. These typically work by requiring users to enter a username, password and a unique code that changes each time the user logs in. This can help overcome the problems of users using weak passwords, or writing them down in places that are easy for others to find, as access is only granted when someone has an app or security key. These systems have become widespread, with social media networks like Facebook and Twitter, banks like HSBC, and companies from the entertainment sector like PokerStars providing support for two factor security.

This is not infallible though; users can lose the security key or be duped into providing a code to a scammer. There have also been instances where scammers have convinced victims to send them their security key in the post. Despite this, the biggest human-based security threat with two factor security is simply that the user fails to turn it on. 

Phishing

Another major security risk that humans create is from phishing attacks. Phishing is a phrase used to refer to “fishing” for passwords, in that a person conducting an attack sends a message (typically an email) to the victim and tells them that they need to sign in. Examples of this include a warning that their account has been hacked and they need to reset their password, or that they need to sign in to access a file. When the user types in their username and password, this information is submitted to the perpetrator who can then use it to gain unauthorised access to the account. 

One of the first targets for this type of attack was users of online banking services. However, the trend has been to focus on webmail services like Gmail and Yahoo, because access to an email account lets the attacker reset the passwords for many other services.

There are other security weak points that are created by humans, such as failing to back up data, not taking care when clicking links, oversharing on social media, and failing to keep security software up to date. However, these three are some of the biggest threats today. The good news is that they are quick, simple, and easy to overcome by ensuring that care is taken when clicking links in emails, never writing down passwords, and always using two factor security. 


 