- slide 1 of 3
What is Network Security?
Before we delve too deep into human factor considerations, let's first discuss network security. Network security encompasses a wide range of items. First and foremost is authentication, username and password for each user, and giving each of those users different rights to the computer. Firewalls are another form of network security, firewalls are used to filter network traffic, to prevent malicious traffic from entering and leaving a user's computer.
Antivirus or antimalware software is also a part of network security. Antivirus and antimalware prevent malicious executables from entering and running on the system. In addition to these mentioned items, there are also other forms of network security, such as MAC address filtering or assigning static IP addresses to network systems. If you're running a wireless network, its best to change the SSID and enable WPA AES encryption on the network.
Network security is a broad term used to encompass many aspects of security measures used to protect the computer and the user. Now that you have a general idea of network security, let's delve into the human factor considerations that can break the entire structure apart.
- slide 2 of 3
The Human Factor
Human factor characteristics, similar to network security, can cover a wide range of items. If people do not understand the consequences of their actions, then they will not try to maintain the network security you build up. People in general don't want to get their computers hacked, but at the same time, people don't want to feel restricted either. The human factor considerations of network security come up when security is in place but the education is not.
When people are not educated on the importance of security then they won't feel that their actions will harm their computer. Restrictions will seem more of a hassle than a security measure.
So what are some human factor considerations to take into account for network security? Going back to the examples of network security, let's see how the human factor can break the security measures.
We'll start with the most simple piece of network security, user authentication. All users receive a unique user name and are told to create complicated passwords. A password can be configured to require a certain amount of characters such as a mix of numbers and letters as well as require special characters. However, it is limited in the types of passwords users can use. A person can easily create the password qwe123, which technically meets the configuratable options but the password is extremely weak. In this case, the human factor has weakened your efforts in network security.
Firewalls are another item of network security that has human factor considerations. People can allow and disallow services in a firewall from their computer. If a user is unfamiliar with firewalls or doesn't understand firewalls, they may allow all connections which defeat the purpose of a firewall. Without proper education, a firewall can exist, but the open ports will make it a flawed piece of network security.
Antivirus and antimalware is another area where human factor considerations come into play. People can disable their antivirus updates from occurring, stop their scans in the middle of a scan or worse yet, turn off weekly scans entirely. Without proper education, many people think that antivirus and antimalware scans are more of a pain and slow down their computers. They don't understand the risk associated with disabling updates and stopping scans.
Also take into consideration that many computer users are naive about technology, therefore communication is another human factor consideration in network security. If you place a web browser proxy to prevent users from accessing the web, they may mention it to a friend. Their friend will in turn teach them tricks that they learned elsewhere, such as placing an 's' after the 'http' or entering the IP address of the site rather than the name. This can lead to dangerous territory as the user learns how to bypass security through word of mouth but doesn't learn the security implications.
Human factor considerations are a huge part of network security that need to be looked into. Human factors can ruin network security, no matter how well secured the setup is.
- slide 3 of 3
What To Do?
So how do you prevent and take into account the human factor considerations in network security? The most important action to perform is to educate the user. Network security without education is useless. To use an analogy, a bank could hire the most competent, recommended, experienced guards, but if the employees open fire doors, give customers free cash, or leave the door unlocked after hours, those security guards are useless.
Educating the user allows people to feel comfortable with security, as they know why it's in place. One human factor to consider is that with knowledge comes power. When people are trained or educated, they feel more empowered and less inclined to break items they know they shouldn't break. In this way, human factor considerations actually help network security, but the key is education.
Network security and education both play a part in keeping computers secure, both from internal data leakage and loss as well as external threats. Network security and human factor considerations can end up being key opposites, causing loss and damage or they can work together to create a more safe and secure environment for the computer user.