Cybersecurity's Problem With People

Cybersecurity is an issue that generally seems to be the realm of IT professionals, people filling out vendor questionnaires, and technology firms.  These are undoubtedly some of the most important groups to handle this massive concern, but in the end, it becomes a very individual responsibility.  There is only so much that automated systems and safeguards can take care of before the duty lies with individuals who need to be able to avoid something as simple as a phishing attack.

Government Technology Magazine looked into the problem and reported that the state of Georgia only achieved 80 percent compliance with a simulated phishing campaign.  Steve Nichols, quoted in the article, points out that between different agencies and different states, noncompliance always seems to hit double digits.

Training makes a difference, and can certainly improve the rate at which employees avoid malicious links and phishing scams, but still isn’t able to solve the problem outright.  Even the training itself might not be presented in the proper way or with the right level of connection to those involved.  Training needs to be more than something people sit through to check a box and represent and engaging and fruitful exchange.

Some of the tactics that have been suggested to increase the efficacy of this type of training include novel materials, incorporation of current events, and a focus on how this type of training can affect employees outside of the workplace.

Training is one aspect, but there are certainly things organizations can do to automate some things that will help employees avoid attacks.  Automatic warnings about external emails and particularly emails containing links can help people think before they blindly click into something.  Human error will be a component of any business, but wherever possible, it’s beneficial to allow people more time to think, and just generally avoid risky decisions.

Extract’s technology focuses on automatically finding pieces of information that need to be redacted for public consumption and pulling important pieces of information from documents.  We keep customers’ documents behind their firewall, reducing the number of opportunities there may be for information to be improperly published or stolen.  Between strong internal cybersecurity and partnering with a company that keeps your data safe, there are many ways in which organizations can avoid cybersecurity issues.

If you’d like to learn more about our specific solution to safely extracting or redacting data, please reach out to us today.


Chris is a Marketing Manager at Extract with experience in product development, data analysis, and both traditional and digital marketing.  Chris received his bachelor's degree in English from Bucknell University and has an MBA from the University of Notre Dame.  A passionate marketer, Chris strives to make complex ideas more accessible to those around him in a compelling way.