Human and physical factors in information security

Human factors

The majority of information security issues are caused by user activity and only a small part are due to software and physical factors related to hardware.  So stop for a moment and consider whether you recognize yourself in the following ways of thinking.

  • “No one ever broke in to my computer, so why should I protect it?”
  • “Who would be interested in my files, anyway?”
  • “That file probably doesn’t contain a virus.”
  • “I don’t feel like making backup copies of my files right now.”
  • ”Well, I can’t be bothered to lock my workstation at the computer station while I go to the bathroom”

Further, consider what the user is doing wrong if he…

  • forgets to log off a computer before leaving it
  • stores his password on a piece of paper e.g. under his keyboard
  • selects a simple password that is easy to remember for web services
  • gives his password to someone else to use
  • copies software off unknown web sites
  • leaves his print-outs lying near the printer
  • forgets his USB stick in the USB port of a public computer
  • stores his password on his phone and doesn’t protect his phone with screen lock
  • neglects to make a back-up copy of an important file.

Physical factors

In addition to the users, different physical factors threaten the safety of the computer and its storage units, USB memory sticks and other hardware. Many of the physical factors are as dangerous as the human ones; a fault in a storage device, for example, can cause problems with reading the file or, in the worst case, can destroy the whole file.

The following list contains practices that can improve the safety with respect to physical threats:

  • theft or disappearance of a mobile device: do not leave your laptop or phone lying around, e.g. on a desk in a reading hall. Be careful with what information you store on your computer and how it is protected. There are risks involved in storing passwords. Consider encrypting your phone’s content, as well as the option of remote wiping and ways to locate your lost device. It may also be useful to encrypt the hard drive of your laptop and prevent the computer from being booted from a flash drive.
  • mistreatment: store devices and storage media in a dry space at room temperature. Make sure that the ventilation openings on your computer are not blocked. From time to time, dust off your computer, mouse, and keyboard. Be careful not to bump or drop your devices.
  • fires and other catastrophes: do not store the back-up copies of vital files in the same building as the original files.