In a security context, human error means unintentional actions – or lack of action – by employees and users that cause, spread or allow a security breach to take place. Almost all successful cyber breaches share one thing in common: human error.
According to a study by IBM, human error is the main cause of 95% of cyber security breaches. In other words, if human error was somehow eliminated entirely, 19 out of 20 cyber breaches may not have taken place at all.
Examples of human error in cyber security
Falling prey to scams due to lack of awareness and / or training
An online scam is any scheme designed to trick people out of money or steal their personal information that uses, or is delivered via, digital communications. Here are a few tell-tale signs you might be being scammed:
- Contact that is out of the blue– even if the person says they’re from a legitimate organisation like the bank, an embassy or your internet provider
- Getting told there’s a problem with your phone, laptop or internet connections – often they will offer to fix your device or say they are from your phone or internet company
- Being asked for passwords – legitimate organisations will never ask for the passwords to your online accounts
- Needing to verify your account or details – don’t respond or click on any links in the communication even if it looks like it’s from a real organisation
- Trying to get you to move outside of an online trading or booking website or app (like Air BnB) – don’t pay outside of the normal website or app processes
- Offering money or a prize in exchange for something up front – they might say that it’s a “processing” fee or something similar
- Being asked for money by friends/partners you’ve met online – this is a very common tactic, do not pay the money
- Unusual ways to pay for something – scammers try to use payments that can’t be traced such as pre-loaded debit cards, gift cards, bitcoins, iTunes cards or money transfer systems
- Asking for remote access to your device – never do this unless you have actively sought out the service they are providing
- Pressuring you to make a decision quickly – this could be to avoid something bad (e.g. account being closed, trouble with the IRD) or to take advantage of something good (a deal or investment)
Failing to ‘Patch’ or update your software
You’re hard at work on your computer or device and a message suddenly pops up saying, “a software update is available”. You’re busy, so you click “cancel” instead of “install”, thinking you’ll get to it later, but you never do. Sound familiar?
The truth is it’s easy to skip software updates because they can take up a few minutes of our time, and may not seem that important. But this is a mistake that keeps the door open for hackers to access your private information, putting you at risk for identity theft, loss of money, credit, and more.
Bad password habits
According to the National Centre for Cyber Security’s 2019 report , 123456 remains the most popular password in the world, and 45% of people reuse the password of their main email account on other services. In addition to not creating strong, unique passwords, untrained users commit many other password mistakes including writing down passwords on post-it notes on their monitors or sharing them with colleagues
Misdelivery – Sending information to unintended recipients
Sending information to a wrong recipient – is a common threat to corporate data security. According to Verizon’s 2018 breach report, misdelivery was the fifth most common cause of all cyber security breaches. With many people relying on features such as auto-suggest in their email clients, it is easy for any user to accidentally send confidential information to the wrong person.
One of the most serious data breaches caused by human error was when an NHS practice revealed the email addresses of over 800 patients who had visited HIV clinics. How did the error happen? The employee sending out an email notification to HIV patients accidentally entered their email addresses to the “to” field, rather than the “bcc” field, exposing their details to each other. This is a classic example of a skill-based error, as the employee knew the correct course of action, but simply didn’t take enough care to ensure that they were doing what they intended to.
How to prevent human error in your business
The mitigation of human error has to come from two angles: reducing opportunity, and educating users. The less opportunities there are for error the less your users will be tested for their knowledge – and the more knowledge your users have, the less likely they are to make a mistake even when they come across an opportunity to do so.
Comprehensive security awareness training is one of the best ways to protect your business from malicious attack and prevent possible breaches. Your employees are often the first line of defence against a cyber-attack. Well- trained employees know the best tactics to prevent, respond to, and recover from an attack.
Reducing the opportunities for human error should also include overall company policies around:
- Privileged access: ensure that your users only have access to the data and functionality that hey need to perform their roles. This reduces the amount of information that will be exposed even if the user commits an error that leads to a breach.
Password management: as password-related mistakes are a main human error risk, distancing your users from passwords can help reduce risks. Password manager applications allow your users to create and store strong passwords without having to remember them or risk writing them down on post-it notes. You should also mandate the use of two-factor authentication across your business to add an extra layer of protection to your accounts.
We know that your company’s data is one of the most important things to you, and we want to help. To learn more about our services for protecting your critical company information from cyber-attacks, contact us today!