Modern field guide to security and privacy

Why people are often the biggest holes in our cyberdefenses – and what to do about it

Security assurance depends on human actions and knowledge everywhere from the mailroom to the corner office.

Michael Bonfigli/The Christian Science Monitor
CompTIA CEO Todd Thibodeaux was interviewed by The Christian Science Monitor's David Grant at an event held by Passcode, a section of the Monitor, in Washington, D.C. on Oct. 27, 2015.

In response to the clear and present danger of digital threats, many businesses have intensified their focus on improving their technology and strengthening their cybersecurity. Yet a prevailing focus on IT means companies are not doing all they can to counter digital threats — increased reliance on technology alone is not the cure-all. Organizations must take the initiative to address one of the biggest holes in our cyber defense and the biggest risk factor in securing data, devices and networks: people.

More than technology, security assurance depends on human actions and knowledge. The best security technology in the world won’t work without appropriate human intervention. There is a strong need for specialized security education, training and certification for IT personnel — but it cannot stop there. To be truly effective in preventing and combating security threats, organizations need to take steps to spread security awareness and knowledge through the entire organization, from the clerk in the mailroom to the CEO in the corner office.

Based on CompTIA research and surveys, we have seen that employee behaviors don’t always follow best practices. Behaviors such as using the same passwords or log-in credentials for business and personal accounts, conducting private or financial transactions on unsecured networks, or plugging in unfamiliar USB devices are commonplace.

Organizations that fail to acknowledge and address these facts run the very real risk of landing in the headlines due to a severe digital breach. To build more resilient cybersecurity, organizations and governments must embrace the challenge of closing the technology skills gap through training and initiatives to engage a wider, more diverse cross-section of our workforce.

A broad-based, comprehensive and periodic training program – one that is both meaningful and engaging for all users in an organization – will help to not just educate, but reinforce good behaviors by requiring the worker to demonstrate an understanding of the steps one must take to cultivate a safer cybersecurity environment.

We also have found success by partnering with city-based programs to reach underserved communities, and by partnering with professional women technology workers to encourage younger women to consider a career in IT.

CompTIA is at the forefront of cybersecurity protections, with best practices and credentials that include Trustmarks for organizations and professional certifications for IT workers, such as CompTIA A+, Network+ and Security+. And we are on a mission to educate the workforce on sound cybersecurity behavior, through our Cybersecure training program, for anyone who touches a PC, laptop, smartphone or tablet.

Organizations understand the risks of insufficient cybersecurity and have invested heavily in technological solutions to counter the threats. But organizations also must take the initiative to address the individual as part of our defense, work proactively with vendor partners to ensure good practice outside our organizations, and engage our state and federal legislators on the important impacts that cybersecurity laws may have on business.

Only then will our organizations be able to truly up their game in cyberspace.

Todd Thibodeaux is the president and chief executive officer of CompTIA, the ICT Industry Trade Association. He is responsible for leading strategy, development and growth efforts for the association. Before joining CompTIA in July 2008, Thibodeaux spent more than 17 years with the Consumer Electronics Association (CEA), where he served in a wide range of roles culminating as its senior vice president of industry relations.

Follow Todd on Twitter @CompTIACEO.
