Human error is one of the leading causes of data loss for UK organisations. What can your organisation do to reduce the risk of suffering data loss – and potentially reputational damage and GDPR fines – as a result of avoidable human error?
Organisations throughout the UK are under attack from motivated cybercriminals who want to access the confidential information they hold. But it’s not just cybercriminals that organisations should be wary of – their own users are actually a leading cause of data breaches.
The World Economic Forum’s Global Risks Report 2022 draws on its Global Risks Perception Survey (GRPS) along with the views of over 12,000 country-level leaders to highlight critical risks we face. It reveals that 95% of cyber security threats have in some way been caused by human error – a staggering statistic.
Depending on your perspective, this is either comforting – as these errors should be easily avoidable – or deeply frustrating. Either way, the right combination of people, processes and technology will prevent human error leading to data loss.
In this blog, we’ll show you how.
While ill-disciplined users can cause your organisation a serious cyber security headache, well-trained users can form your first line of cyber defence. Carry out security awareness training with all your users so they are aware of the risks they face – whether that’s from phishing emails, ransomware, business email compromise, or any of the main cyber-attack methods cybercriminals use.
Reiterate the importance of staying diligent, even when working from home. Studies suggest that users are less careful when working from home than they are when working from the office. If your organisation uses an agile working approach, you cannot afford for this to be the case.
And finally, consider setting policies dictating that users should send emails containing confidential information from their desktop or laptop – never from a smartphone. Users are much more likely to email the wrong people from their smartphones than they are from their workstations.
Business email compromise attacks leverage persuasion tactics and gaps in processes to convince users to do things they shouldn’t – whether that’s sending money to illicit bank accounts, leaking confidential information, or providing access to hackers to get onto internal systems.
When it comes to processes, there’s always a balance to be struck. The most stringent processes could probably prevent 99.9% of persuasion-based cyber-attacks but would also potentially stop your organisation from getting anything done. To minimise the risks your organisation faces from user error, implement processes and governance that protect you and your clients when sending emails containing confidential information.
In 2023 all access should be protected through multi-factor authentication as standard. Multi-factor authentication prevents hackers from accessing your systems even if they are able to crack a user’s login credentials.
Phishing emails are the most common cyber-attack vector in 2023. The average 350-user organisation receives around five million emails a year, around 11% of which should not be delivered but still get through traditional email security software. Mimecast Email Security for Microsoft 365 stops these emails, preventing spam and opportunistic attacks, malware and malicious attachments, and impersonation attacks.
Another important technology consideration is backups. Software as a service (SaaS) vendors are only responsible for data protection and data loss some of the time. That means end users are responsible for data security and data loss the rest of the time. The Shared Responsibility Model was created by Microsoft to outline who is responsible for data in different scenarios of data loss. In our free infographic, we explain the Shared Responsibility Model and show how you can avoid downtime and keep your organisation’s data more secure.
Prevent Human Error Leading to Data Loss
Cybercriminals are persistent, resourceful and adaptable, and there is no single solution to protecting your organisation from all cyber-attacks. However, by applying the measures listed above and combining them with a mature cyber security model that incorporates people, processes and systems, you will enhance your organisation’s cyber security posture and reduce the chances of suffering financial, operational and reputational damage as the result of an attack, or a data breach caused by human error.