Human error is involved in 95% of security breaches.
A seemingly simple mistake can lead to a major disaster.
The 2015 Cost of Data Breach Study reported that human error was responsible for 25% of the data breaches that occurred in the US, resulting in an average mitigation cost of $198 per capita, and an average cost of $154 per lost or stolen record.
Mistakes happen. It’s called human error.
The 2015 Insider Threat Report found that employees at all levels pose a significant security risk, and the problem is growing. Whether inadvertently opening the door for a hacker or purposefully leaking information, insider attacks are harder to identify than outside hacks—and yet, less than half of the companies surveyed for this report had put in place measures to detect or prevent inside security risks.
Many of these human errors can be prevented by making your employees aware of the threat and its potential for damage.
Here are some of the most common mistakes:
- Clicking on an unknown email or unsafe attachment or URL.
Hackers use many tricks to get people to open the door to your network. It could be a pop-up with a tempting offer or an email that seems official, but is actually just a scam. Once clicked, Pandora’s box is opened and all sorts of evil malware slips past your firewalls. Remind your team frequently of this issue, and keep them on the alert for sketchy attempts at click-throughs.
Expert Tip: Only open PDFs. If you are unsure, delete it and notify your IT department.
- Sending an email with secure information to the wrong address.
This is an innocent mistake with huge consequences. You spell the person’s name or suffix incorrectly, or put “.com” when it should be “.org”. If that email includes sensitive information that isn’t encrypted, that small typo can lead to a major security breach.
Expert Tip: Enter the email address last, as a crosscheck.
- Losing your mobile device.
In the hectic pace that is part of our daily lives, it’s not unusual to misplace your smartphone, tablet, or even laptop. By the time you realize it’s missing, it’s too late. Someone has picked it up, and all the company information that’s stored on the device is no longer secure. For all devices that access your company’s enterprise data, be sure you have installed encryption software that prohibits unauthorized access, and remind your employees to report a lost or stolen device immediately, so it can be remotely wiped.
- Neglecting good password protection protocol.
We’ve all experienced the frustration of trying to remember a password when attempting to access an account. So, to make it easier, we use the same password for everything—personal and work. Changing it monthly is recommended, but seems like a hassle. Your IT team should establish a strict protocol for password management. Define acceptable standards and require a monthly password change. Your Mobile Device Management (MDM) system can monitor whether users are complying, and restrict the use of those who don’t.
Expert Tip: Prohibit sharing usernames and passwords.
- Sharing devices and passwords.
When you grant someone the privilege of using your business mobile device, you bring their risky habits into the network. From kids downloading unauthorized videos and apps to opening up your password-protected space to another worker, every keystroke represents a potential security risk. Prohibit the sharing of work devices and make sure your IT team is monitoring the user behavior of all devices on your network.
No matter how much you trust your employees, they are human. They make mistakes.
Educate them as to the outcomes of simple oversights.
Avoid the “I didn’t even think about it” excuse by providing clearly defined rules.
Knowledge is power. Use it!