How Big of a Role Does Human Error Play in Causing Data Breaches?


Human error has been consistently highlighted as a major contributing factor to data breaches. Several reports over the years have identified human error as the most common cause of data breaches, and one study has found that the average cost of human errors in data breaches was $3.33 million.

Human error in security breaches is a long-standing problem, so all businesses need to stay vigilant and educate employees to minimise these types of mistakes. If you think you have experienced a data breach and want to pursue compensation, is go-to platform.

4 crucial human errors in data breaches

  • Misdelivering an email

Back in 2018, it was reported that incorrectly sending an email was the fifth most common cause of data breaches, and misdirected emails continue to be common today. More recently, 58% of employees admitted they have emailed the wrong person at work. Misdirected emails can have serious consequences and might lead to data losses and/or thefts.

If this data belongs to customers, the organisation is required to inform them of the breach, which could result in a loss of trust, damage the relationship with customers, and even cost you a lot of business through a tarnished reputation.

Companies that handle data and come under the GDPR and other privacy laws will also need to report any data breaches that occur to the regulators (ICO), which can lead to a big fine, legal repercussions, or other disciplinary measures.

  • Poor password strength

In a lot of organisations, passwords are the first line of defence when it comes to cybersecurity. However, they can also be the biggest weakness, with 61% of breaches being the outcome of usernames and passwords that have been compromised or stolen. Below are the reasons why passwords are amongst the most common human errors in cybersecurity and data breaches.

  • Most users use very common passwords that are easy to guess like 123456 or password
  • 45% reuse their main email account password on other websites and services
  • A lot of people retain the same passwords for a long period of time
  • Some note down their passwords or share them with colleagues

As a result of simple errors like these, cybercriminals can easily get their hands on passwords in order to break into the victim’s system and even take over the network. Also, stolen passwords can end up for sale on the dark web, with their price depending on the user and the level of access they have.

  • Delayed or inadequate software repairs

Cybercriminals typically like taking advantage of software vulnerabilities to get access to enterprise networks, systems, and data. When vulnerabilities like these are found, the software developers or vendors need to fix them and send out the patch to all users. A patch has to be applied straight away to prevent breaches. However, sometimes there can be a delay, which gives the cybercriminals an opportunity to compromise the systems and steal data.

The Equifax attack is a famous example of this type of human error. The company failed to put a patch in place when there was a vulnerability in their software that they were aware of for several months. A key issue in this case was that they ran automated scans that failed to recognise the vulnerable systems. If they had instead run a manual, exhaustive, and practical penetration test, they may have been able to find and repair the issue much sooner and prevent a large-scale breach.

  • Poor control over access

Having poor processes in place when it comes to access control is another big error in cybersecurity as it allows anyone to get into and take control of enterprise networks. Cyber attacks and data breaches today are pretty much inevitable, so all organisations and security teams need to focus on error prevention and mitigation as much as possible. This is where restricting access to only key members of staff who need it is of vital importance.

When users have only the bare minimum access needed to perform their function, the risk of a data breach lowers. Permitting users to have more access than they need expands the attack surface.
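One way to act on this is to compare the access each user has been granted with the access they actually use, and flag the difference for review. The sketch below is an added example, not part of the original article; the user names, permission strings and log format are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: permissions granted to each user (hypothetical names).
GRANTED = {
    "alice": {"crm:read", "crm:write", "payroll:read", "db:admin"},
    "bob": {"crm:read", "tickets:write"},
    "carol": {"payroll:read", "payroll:write"},
}

# Constructed access log, one event per line: "<date> <user> <permission> <result>"
ACCESS_LOG = """\
2024-03-01 alice crm:read ok
2024-03-02 alice crm:write ok
2024-03-02 bob crm:read ok
2024-03-03 bob payroll:read denied
2024-03-04 carol payroll:read ok
2024-03-05 carol payroll:write ok
2024-03-06 bob tickets:write ok
"""

def parse_log(text):
    """Return (used, denied): per-user sets of permissions seen in the log."""
    used, denied = defaultdict(set), defaultdict(set)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines rather than guessing
        _date, user, perm, result = parts
        (used if result == "ok" else denied)[user].add(perm)
    return used, denied

def audit(granted, log_text):
    """Flag grants never exercised in the log window, plus denied attempts."""
    used, denied = parse_log(log_text)
    report = {}
    for user, perms in granted.items():
        report[user] = {
            # Granted but never used: candidates for removal (least privilege).
            "unused": sorted(perms - used[user]),
            # Attempts outside the user's grants: worth a look by monitoring.
            "denied_attempts": sorted(denied[user]),
        }
    return report

if __name__ == "__main__":
    for user, findings in audit(GRANTED, ACCESS_LOG).items():
        print(user, findings)
```

Unused grants are review candidates rather than automatic revocations, since some access is only needed occasionally and may fall outside the log window.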

What are the best practices to minimise human errors and data breaches?

Everyone is human and is likely to make mistakes at some point in time. With that in mind it would be impossible to completely eliminate human errors in relation to data breaches. However, there are steps organisations can take that can help to minimise them as much as possible.

  • Have software-defined perimeters and secure web gateways in place
  • Verify every log in
  • Monitor for suspicious activity
  • Provide sufficient training for all employees about cybersecurity and data breaches
  • Introduce two-step authentication and biometric security where applicable to strengthen password-based security measures
  • Make use of encrypted password managers to generate and securely supply strong passwords
  • Set up machine-intelligent security solutions to alert operators to possible threats automatically
  • Carry out regular application security testing to find and effectively deal with any security gaps in the software
  • Create a culture within your workplace that places emphasis on security, so that it is taken into consideration in every action, workflow, and procedure you carry out.

It has been said over recent years that humans are the “weakest link” when it comes to cybersecurity and data breaches, but this is not always the case. There are many factors that can be involved when data is breached in an organisation and instead of focusing on and even reprimanding people who make a mistake, business owners and leaders would be better served putting measures in place to minimise and prevent human errors from happening in the future.

There are three important elements to understand with this: getting an insight into why human errors occur, reducing opportunities for these types of errors, and educating all users and handlers of data on the importance of their role in maintaining data protection as well as the impact of their mistakes on those whose data is compromised. 
