IN THIS CHAPTER

Securing user accounts

Keeping passwords safe

Improving the human firewall

While all the technology you can throw at security is vitally important, the weakest link in any security structure are the humans who live behind it. Consider the following actual cases:

• An attacker gains complete access to an accounting company’s servers by guessing the name and password of a user with elevated permissions. The user’s password was obvious and easy to guess.
• The data systems of a city government falls victim to a ransomware attack when an employee opens an attachment in a malicious email.
• An employee at a securities firm for a hospital clicks a link in a malicious email, leading to the theft of personal information from the firm’s databases.
• An employee at a community college accidentally posts detailed student records on the college’s website, exposing the information to the entire student body.

In every one of these cases, and in hundreds of thousands of cases like these, IT administrators had technology safeguards — firewalls, antispam and anti-virus software, permissions-based access, and so on — in place. Yet careless users caused serious ...