Let’s cut to the chase: if you’re wondering whether human error is harming your business, the answer is almost definitely yes. We’re all human, and so we understand that mistakes can never truly be eliminated, but the fact remains that those small errors can be a major risk for businesses, as both decision-based and skill-based errors can lead directly to a major cybersecurity breach. A study from IBM revealed that human error is the main cause of 95% of cybersecurity breaches, with hackers exploiting this area of weakness for their own gain. What may surprise you, however, is that these errors are not only often small in scope, but can often be trained out of your team. Here are just a few examples of the types of human error that cybercriminals are capitalising on:
Using weak passwords or writing passwords down
When a password falls into the wrong hands, it means unauthorised people can access data and use it in a number of ways that will pose problems to your business.
Poor password practices plague businesses of all sizes, for a very good reason: with an average of 70-80 passwords to remember, many people fall back on simple, easy-to-recall passwords. Some employees are guilty of reusing passwords or writing them down in notepads, or even on post-it notes that are easily found, not realising the impact of their actions.
It only takes one compromised password to gain access to your systems, so ensuring your team has positive password habits can be the difference between an attacker breaching your system or moving on to a business without cybersecurity training.
Using unauthorised software
Another common issue that affects organisations of all sizes is employees using unauthorised software, such as free online editing software that contains malware.
Company systems have even been compromised because employees have streamed a sports event or accessed a similar unauthorised online service. It highlights the risks of general internet usage on company machines, especially by employees without the knowledge required to spot and stop malware attacks.
Not updating software
Software updates are critical to keep systems protected, as security updates are required to combat new threats and vulnerabilities. If employees do not update the software on their PC or laptop when required, this can leave your company systems at greater risk of security breaches.
By training your team to effectively manage their software updates - even when it means potential downtime - you will reduce the risk of your systems being compromised.
Improper handling of sensitive data
One type of human error that can cause significant damage to your company is the improper handling of sensitive data, for example, sending sensitive data to the wrong recipient by mistake or storing data without adequate protection. Not backing up important data is another error that can have major consequences if data is lost… not to mention some awkward phone calls!
Far beyond reputational damage alone, improper handling of sensitive data can have serious financial consequences if, for example, GDPR or DPA legislation is breached.
Using unsecured internet connections
With more people working remotely as a result of the COVID-19 pandemic, there has been a dramatic increase in security breaches caused by the use of unsecured internet connections - like those found in our homes, or in public places like coffee shops.
Using public Wi-Fi without a VPN, or even leaving default passwords set on your home Wi-Fi, can leave your company systems open to cyberattacks.
Opening email links or attachments
Phishing attacks are the number one cause of data breaches, with an astonishing 3.4 billion phishing emails sent per day.
More concerning still, such phishing attacks are growing increasingly sophisticated, utilising elements of your digital footprint to create tailored spear-phishing attacks.
Other types of attacks might send text messages claiming to be from a person or company that the recipient interacts with and trusts. Within the email or text, the attackers encourage the recipient to click on a link that takes them to a dangerous site.