Human error, according to Mimecast, is the cause of 95% of all security breaches, whether it is laziness, lack of knowledge, workload, awareness or negligence. Exploiting standard human behaviours is what cyber criminals depend on, and often it is how they infiltrate the most secure systems.
When someone uses the term “Human Error” it refers to the breach being caused by, you guessed it, a human! There are many ways in which you as the employee can infect your organisation without even realising that’s what you are doing until it is too late. Intentional and unintentional breaches often start and end between the chair and keyboard.
Something which may seem like a little thing can cause major damage; so let’s look at a few real-life examples.
Human Error approach – After working from printed data to complete a task, it may seem easier to simply throw it in the trash than walk “all the way” to the shredder at the end of the office. It’s pretty much trash anyway, isn’t it? That sensitive customer data, marketing plan or pricing schedule can easily be used against you when it is fished from the trash can.
Secure approach – Once you have completed your task, you should shred the documents to ensure that no one is able to get hold of them.
USB Storage devices:
When you find an unrecognised USB device lying around, it is human nature to be curious and want to know what is on the device, whether to see if there is any juicy content on there or even to find the true owner.
Human Error approach – You find a USB on the floor, not knowing where it is from or if it is even from someone who works in your building. You go to your computer and decide to plug it in and look. What if it is important and you need to get it back to its rightful owner?
Secure approach – You find a USB on the floor in your office. Not knowing where it is from, you pick it up, hand it to your security team and forget about it. Plugging it in to your computer can cause complete network takedown and malware infection.
Emails from unknown people, or a competition you did not enter.
Hackers use sophisticated tactics in phishing emails with links that drive you to infected sites, harvest data or infect you with malware. One click on the link and you will be infected.
Human Error approach – You receive an email on payday, and it seems a little different. It is not from the usual sender and it tells you that you must click on this link to view the new payslip portal. Even though it is not usual, you assume that existing cyber security measures are sufficient to protect you. Without confirming, you click on it.
Secure approach – You receive an email on payday and it seems a little different. It has a link to click to view the new payslip portal, but no one in your office has said that they are creating a new system. You report the email as a phishing attempt and involve the security team to investigate the email and update security measures on this new form of attack. Cyber defence is a whole-team effort.
These are just a few scenarios where human error can mean that you are the cause of a breach and an innocent mistake can take down your environment. Ongoing awareness and discussion are critical to get everybody involved in the fight against changing cyber threats.
Understand how awareness and engagement can help keep your organisation safer in a connected world. It doesn’t help to have the best in cyber security if an innocent human end-user inserts an infected USB while clicking on unknown links.
Awareness training and policy review is another service we can provide. Contact us to hear how it works and how your organisation can benefit and maintain compliance and security.
Keeping your employees’ awareness levels up will increase cyber resilience and ensure the safety of your data.
Let’s get real!
Olivia Hannah Coetzee