Human Error: are your colleagues putting you at risk of a data breach?
Organisations know that by investing in their IT security they can massively reduce the risk of a crippling cyber-attack or a data breach. What many businesses are forgetting, however, is that it’s all well and good investing in products and processes, but there is one more ‘P’ that most certainly needs supporting.
That ‘P’ stands for people.
According to figures from the Information Commissioner’s Office (ICO), 9 out of 10 of the cyber-breaches reported to the ICO last year, in 2019, were the result of errors made by employees (6 out of 10 from phishing). That is up by 29% since 2017, so what is causing these blunders and how do we prevent them?
This blog discusses why employees make mistakes, what the consequences of human error can be for your organisation and why educating your staff is just as important as having a firewall.
What causes humans to make mistakes that lead to a breach?
There are many ways a user can make a mistake that can lead to a cyber-attack. One key contributor is phishing.
Phishing accounts for nearly 50% of all reports to the ICO. Phishing continues to rise as cyber-criminals keep finding cunning ways to get their malicious emails into people’s inboxes. In fact, 92% of malware is delivered to users via email, and the average user receives 16 malicious emails each month. A simple lack of employee awareness of today’s threats is therefore detrimental to your security posture: if users do not know how to spot a phishing email, it is likely they will fall victim to one. Feel free to check out our helpful guide “Off the hook: 6 Tips to avoid Phishing scams” to help educate yourself and your colleagues on how to spot phishing emails.
Another issue associated with human error is unauthorised access. Unauthorised access is where an individual gains access to an organisation’s data, networks or endpoints without permission. This can occur when users either use weak passwords or are targeted in a social engineering attack. An example of a social engineering attack would be receiving an email from an individual who is impersonating a senior member of your organisation, asking for credentials or requesting that an invoice be paid. As with other types of phishing emails, cyber-criminals can make these messages seem highly legitimate, but this does not mean they are impossible to distinguish if users are skilled up with relevant training.
What are the implications of human error?
There is a wide variety of security risks that result from human error. As you will know, a cybercriminal usually intends either to steal or destroy your organisation’s private data, or to compromise your systems and use them for illegitimate activity. The consequences of either can damage your business’ reputation and lead to fines imposed by the ICO under GDPR.
Educating your employees is important
Security awareness training is a great way to educate your employees about the dangers and risks associated with cyberattacks, and its key benefit is that it drastically reduces the chances of human error. A recent INFOSEC study showed that when a programme was implemented to teach employees about common scams and phishing emails, they were much less likely to accidentally click on links or open files.
As a result of staff education, your organisation will also benefit from more vigilant employees, which increases security and can save time and money.
You can learn more about how security education can benefit your organisation in our blog “6 Key Benefits of Security Awareness Training”.