When it comes to data breaches and hacks, the extent to which human error plays a role remains a subject of debate. Reports suggest figures ranging from 23% to a staggering 95%, depending on the definition of human error. Whether it's an employee leaving a company laptop in a car that subsequently gets stolen or sending a document to a mistyped email address, human error is almost always intertwined with cybersecurity incidents.
In reality, those dramatic backdoor-code-hacking scenarios you see in movies are far less common in the modern hacking landscape. Why invest hours in breaching firewalls when a simple phishing email in an employee's inbox can provide a more straightforward path to compromising data?
Despite the exact statistical number and definition, one undeniable fact remains: the person sitting at the desk is often the most significant threat to your data. So, how can you minimize this human error threat?
1. Training Is Key
The most powerful weapon in preventing human error is education. Employees need to recognize threats to mitigate them effectively. Cybersecurity training should be as vital as the training employees receive for their job responsibilities.
A 2019 report highlighted that small and medium-sized businesses (SMBs) are most frequently affected by inappropriate IT resource use by employees. The second-highest cause was malware infection on company-owned devices.
Effective cybersecurity training should cover:
Good password practices, including creating strong passwords, secure storage, and regular password updates.
Identifying phishing threats in emails.
Safe online practices, such as using websites with HTTPS, and recognizing the difference between secure and insecure sites.
Appropriate use of company devices, including not lending them to family members or using them for personal tasks, and ensuring secure storage when not in use.
Businesses can also provide refresher courses with updated threat education once or twice a year. While training requires time and investment, the cost of neglecting it can be significantly higher.
2. Regular Updates Are Crucial
SMBs with outdated technology can suffer up to 54% more financial damage in a data breach compared to companies that keep their IT systems updated. Yet, 44% of North American organizations continue to use old, unpatched software in their operations.
The human element plays a substantial role in this issue as well. Users often ignore or delay software updates because they're either too busy when the update notification arrives or are reluctant to interrupt their work.
One of the most prominent data breaches, the Equifax hack, could have been prevented. Employees were informed about a potential vulnerability and given 48 hours to apply a patch. Unfortunately, they failed to do so, and two months later, hackers exploited the vulnerability.
Automated updates are a solid approach, but designating a reliable individual to ensure regular updates on all company devices, in addition to emphasizing the importance of updates in training, is even more effective.
3. Limit Access to Sensitive Data
A Varonis report indicates that almost two-thirds of companies grant employees access to over 1,000 sensitive files, with some financial services employees having access to a staggering 11 million files. This access often extends to complete control, allowing individuals to open, copy, modify, and delete valuable data.
However, it's relatively easy to restrict access to sensitive files for those who don't genuinely require it. Initiating measures like limiting drive access to necessary personnel and protecting sensitive documents with passwords provides a straightforward starting point.
Need Expert Help?
Concerned about your business's cybersecurity vulnerabilities? WildFrog Systems in Abbotsford, BC, specializes in IT services and tech support. We can provide advice, implementation, or a cybersecurity audit tailored to your specific needs. Contact us at 604-210-9811 for assistance in bolstering your cybersecurity defenses.