Cybersecurity may begin with putting in place measures like spam filters, fraud detection software, multi-factor authentication and file encryption. But it doesn’t end there. It’s critical that businesses provide security awareness training to staff. Data breaches caused by human error are a major problem, according to a recent report by Shred-It.
The report found that 47 percent of business leaders had data breaches caused by human error at their organization. And with breaches costing companies an average of $3.6 million globally, the role employees play is too significant to ignore.
Here are five ways employees could be putting your business at risk, and how to minimize data breaches caused by human error:
Inability to Recognize Ransomware
Ransomware is malicious software that infects a computer and displays a message demanding a fee be paid in order for the system to work again. Cybercriminals hold critical data and systems hostage for ransom of sometimes thousands or tens of thousands of dollars. What’s important to know is ransomware does not just show up on a computer. The victim – potentially a member of your staff – actually has to initiate the download of malicious software to infect the computer.
Cybercriminals are cunning in their methods. They are skilled at tricking people into clicking on a link or downloading a file that may look legitimate. Therefore, organizations must continually train their employees on what to look for before opening emails and attached files. This is one step to help protect against data breaches caused by human error.
Failure to Identify Spear-Phishing
Spear-phishing is the practice of sending fraudulent emails that appear to be from a trusted sender in order to induce targeted individuals to reveal confidential information or perform an action that seems legitimate. Similar to ransomware, a spear-phishing attempt is only successful if the victim follows the cybercriminal’s request. This means spear-phishing can also lead to data breaches caused by human error.
It’s critical to provide employees with regular training on how to identify suspected spear-phishing attempts. Also, organizations should maintain tight policies and procedures that would help prevent employees from acting on fraudulent requests. For example, a multi-step approval process could prevent accounting staff from making a funds transfer to a seemingly legitimate bank account that actually belongs to the criminal.
Poor Password Management
A password can sometimes be the only barrier between a cybercriminal and your business information. There are several programs attackers use to guess or “crack” passwords. If your employees are not following best practices for password management, your business is more likely to fall victim to data breaches caused by human error.
Smart password management includes requiring that your employees:
- Update passwords every three months
- Use a different password for each login
- Not reuse passwords
- Create strong passwords that have many and varied characters and are not easily guessed
Lack of Social Media Awareness
Cybercriminals often conduct research to socially engineer their targets when planning spear-phishing and other types of attacks. Many times, they use social media as a tool to gather information that will make them appear legitimate when contacting potential victims. Details that employees post on social media – like names of pets and children – can also give attackers hints for cracking passwords. Even if your employees use social media only outside of work, they could still be putting your business in jeopardy.
To avoid data breaches caused by human error, security awareness training is necessary to help your team identify fraudulent activity and attempted cyberattacks. Your company also may want to consider a social media policy that addresses ways employees can help protect themselves and the business. This may include asking them not to include the name of your company on their social media profiles.
Compromising Sensitive Information
Employees can also open the business up to potential data breaches caused by human error by – usually accidentally – giving unauthorized people access to sensitive information. For example, employees shouldn’t walk away from a computer while it’s displaying sensitive information, like login credentials. They must also take care to secure laptops and mobile devices. Similarly, employees at any business that maintains private personal information of their clients must be vigilant to protect it. This would include things like social security numbers, credit card numbers or account passwords.
To keep this sensitive information secure, businesses should develop strict policies and communicate them regularly to staff. Protocols should address everything from in-office visual screen protection to what to do if a business laptop is stolen from an employee’s home.
If you’re concerned about how employees may be putting your business at risk, contact us today. We’ll help you protect your business and minimize the likelihood of data breaches caused by human error.