A crucial aspect of cyber security that is often overlooked is the human element. An alarming percentage of data breach incidents are believed to be caused by employees either inadvertently or purposely clicking on something malicious, or not following best practices when it comes to cyber security. A recent study that probed the causes of cyber incidents has found some distressing results. As published in Security Today: “A joint study by Stanford University Professor Jeff Hancock and security firm Tessian has found that a whopping 88 percent of data breach incidents are caused by employee mistakes. Similar research by IBM Security puts the number at 95 percent.”
What Do We Mean By Human Error Risk?
The risk of human error lies in any action, series of actions or general practices by an employee that inadvertently or deliberately puts an organization's cybersecurity at risk. Some examples of these behaviors or actions include: falling for a phishing-type scam, opening malicious attachments and links, using weak or compromised passwords, sharing credentials with other team members, using personal devices for work purposes, and not practicing good cyber safety when out of the office (e.g., using public Wi-Fi). There is also a rising number of unsecured devices that are left unattended and/or unprotected. These devices could be compromised, and sensitive information obtained, by anyone with physical access to the device.
Potential Solutions to The Human Element Risk
Every organization has employees who are valued and needed to complete the objective of the business. But how do these organizations safeguard data and information from being at risk due to the human component of technology use or misuse?
Security Awareness Training & Education
One of the most effective methods of reducing the risk of human error in terms of cyber security is ongoing and regular training. Employees and leadership should take part in regular training with the goals of reviewing best practices for device security, how to spot a phishing scam, what indicates a malicious link or attachment, and how to set up strong and unique passwords. Training should also discuss ways to secure devices while in the office and traveling.
Strong Access Controls
Businesses can help mitigate security issues by having access controls that limit who can access certain information and how they can access it. This could include limiting access, requiring the use of multi-factor authentication and implementing an organization-wide password manager.
Incident Response Plans
Every organization should have a plan in place in case an incident of data loss or breach occurs. This plan should be reviewed and practiced throughout the year. Contact us for more information on how your organization can prevent the human element risk. We will analyze your vulnerabilities and create a custom and comprehensive plan for your business's cyber security.