Last week we took a look at how businesses can stop hackers from successfully accessing your data. We talked at length about flaws in software and how you protect against this using multi factor authentication, a password manager, and regularly updating security and patches for bugs in the system. Today, we will be looking at the other main cause of a hacker successfully gaining access to your business data: human error.
How Often Does Human Error Play a Role in Security Issues?
Let’s face it, we all make mistakes. Some are just more consequential and costly. When it comes to human error in the area of cyber crimes, the cost can be staggering to consider. According to Verizon’s Data Breach Report, “human error” was the only factor with year-over-year increases in reported incidents. The average cost of data breaches from human error stands at $3.33 million!When it comes to human error issues, size does not matter. Small and medium-sized businesses, as well as large corporations are equally damaged by small seemingly inconsequential errors like opening a malicious code-laden email, clicking a malware attachment, or passing on sensitive data. Add to the fact that for the past year many workers are completing their jobs remotely and the problem has been compounded by lack of access to regular IT training and guidance as to how to tighten security while working from home. Some of the biggest problems with human error include negligence, lack of awareness, and poor access control. Let’s take a little closer look at those factors when it comes to human error.
Whether accidental or malicious, employee negligence is reported to be the biggest cybersecurity threat to US businesses, as reported by a 2020 State of the Industry Report. Interestingly, in this same report, 96% of American consumers also felt that employee negligence was a significant contributor to data breaches.As such, organizations must focus on preventing such lapses and slips from taking place. To combat malicious negligence, businesses may want to begin stricter controls and access to data. For accidental negligence, regular training and access to IT specialists when questions arise, are a good start.
The Need For Ongoing Training
As we mentioned above, some mistakes are not intentional at all and could probably be avoided if employees were regularly trained on security best practices. Quite honestly, most employees are honest, hardworking, and trying their best to stay alert to any threats. Instead of a list of dos and don'ts for employees, actionable advice should be followed up by the IT department. Employees need to feel that they can ask questions in the case of an issue, and most especially what to do if they do notice something is “off” regarding their email, attachments, data, or security access.
As we have talked about on numerous occasions, access control is critical for safeguarding your sensitive data. If an employee can not access certain data, they will have no way to cause an error. Again, we encourage businesses to place stringent access controls in three main areas: Identification, Authentication, and Authorization. Learn more about how you can control who can get into what areas of your network and how you can configure this in some fairly simple ways to protect your most valuable data.