According to CybSafe analysis of data from the UK Information Commissioner’s Office, human error caused 90% of cyber data breaches in 2019. And it’s a trend that’s on the rise. The same analysis found that 61% (2017) and 87% (2018) of data breaches could be attributed to human error. Shred-it’s 2018 State of the Industry Report further identified employee negligence as the main security concern for U.S. businesses. The report found that 84% of C-suite executives and 51% of small business owners said that employee negligence was one of their biggest information security risks.
In the wake of COVID-19 and the subsequent explosion in cyber attacks, the prominence of human error is a huge concern for businesses. And given that data breaches are expected to increase in magnitude throughout 2020, addressing this issue and mitigating the effect of human error has come centre stage.
But what exactly constitutes human error, and why does it matter?
Human error might include any and all of the following:
- sharing usernames and passwords between colleagues
- leaving mobiles and laptops open in vulnerable locations
- writing passwords in unprotected tools or places
- using easy to compromise usernames and passwords (the usual suspects—‘123456’, 'password 123', etc.).
- opening suspicious emails from unknown sources
Security Education for Employees
Human error is usually caused by a combination of wanting to save time, a lack of education, poor internal processes, day-to-day distractions and good intention. Just think, we’re all probably aware of a situation where someone shared their username and password with a colleague to speed up a process. And it’s these habits that hackers (particularly in the COVID-19 pandemic) are capitalising on. With individuals distracted, hackers are using COVID-19 to devise new ways to steal credentials and infect digital devices.
So the question becomes: what can you do to limit the threat of human error in your business as a whole and in your employees’ day-to-day duties and interactions?
Foster a culture of cybersecurity
Your new security protocols shouldn’t just be compliance-based. Nor should they be a set of tick-box exercises. Think about how you can develop a security-focused culture that has buy-in from all employees and in which all employees share the responsibility for security. An issue as important as cybersecurity can’t simply be tagged on to an employee’s role; it needs to be ingrained as a high priority principle from the start. Employees should be encouraged and incentivised for following security protocols rather than being scared and fearful of doing something wrong.
Onboarding provides the perfect opportunity to develop good habits from the start. But it shouldn’t stop there. Developing a culture of cybersecurity is an ongoing process and something you can sustain through regular meetups, open discussions and having structures in place so that employees can easily ask security-related questions. You can also identify reps in each department who can lead on security matters and initiate security-related activities.
Download our new on-demand webinar today to learn about how and why security breaches happen and what you can do to protect your online store.
Build a solid governance foundation
Dreaming up the perfect cybersecurity culture is one thing, but pulling it off requires the nuts and bolts of a governance framework. Having a clearly defined understanding of roles, responsibilities and chain of management will allow you to respond to security threats more efficiently.
Governance isn’t just about solving short-term issues, it’s job is developing a long-term, strategic response to cybersecurity that drives your business’s response.
Your governance framework should, as a minimum, cover:
- security policies
- technical tools and responses
- audits and assessments
- driving culture change (as noted above)
With this accountability framework in place, you’ll have the oversight to ensure that security risks are adequately mitigated against and that controls are implemented to prevent attacks. Appropriate governance ensures that your security strategies are aligned with business objectives and consistent with external regulations.
Invest in employee training
This one might sound obvious, but with data breaches increasing by the day, it’s crucial that your employee training represents a continual effort—rather than just a one-off.
Educating your employees on core security basics e.g. password training and some general best practices will empower them to make better decisions. To keep training relevant and engaging, you need to think about the format of these sessions. Just think, your employees are likely already busy with their own tasks, let alone having to read a security policy in their off hours. That’s why training needs to go beyond a traditional chalk and talk approach and be the type of session that employees feel will give them value.
To keep things relevant, reference recent data breach examples (even better if in your industry), analyse them and see what went wrong. And encourage a social aspect to your training through interactive workshops that allow all employees to get involved with—and be a part of—your cybersecurity culture.
Hear from our Business Development Manager for Security, Olga Gutenko, about the impact of COVID-19 on the world of cybersecurity and how you can protect your business.
Test your staff
The dreaded test. Utter that word and for most, it’ll throw up a pang of dread. But what’s the point in investing in your cybersecurity response without an understanding of how it works in practice? As highlighted earlier, the goal here isn’t to single out employees for passing or failing, it’s to identify strengths and weaknesses and encourage employees to adapt.
In offices across the world, fire drills take place on a regular basis. And it should be no different for cybersecurity. By simulating a security breach, you’ll be able to test how successful your response was. Then once over, you can evaluate what worked and what could have been better—all through a culture of improvement rather than blame.
It’s unlikely that any response to a major data breach goes 100% as planned as or expected. But by running regular attack drills, your staff will be in a much better position to handle a real-life breach and mitigate against its impact. Doing something is most definitely better than doing nothing.
Equip yourself with the right tools
While you can (and should) take the above steps to reduce human error, the reality is you can’t eliminate it completely. Your employees are human after all. That’s why in the background your business needs to also leverage technology to fight back against data breaches and provide an extra line of defence.
A multi-layered security approach will give your business the greatest protection and will make it harder for attackers to penetrate your systems. Some of the most common tools to protect your business include:
- Web application firewall
- Content delivery network (CDN) to protect against distributed denial-of-service attacks
- Intrusion detection system
- Log manager system
- Vulnerability scanning assessment
- Weak password detection
- Security reporting dashboards
- Data breach monitoring
It’s clear that no one single tool or approach will be enough to deter hackers. You only need to check the daily news to hear of high profile companies (with high profile budgets) being hit by data breaches. At the time of writing, Easyjet announced that hackers have accessed the records of 9 million customers. It’s just another example in a long line of breaches that continues to grow by the day. But by implementing a suite of tools and promoting a culture of cybersecurity amongst your employees, you’ll be giving your business the best chance possible of countering cyber threats.
A closer look at data breach monitoring
One particular area we mentioned above was data breach monitoring. Vaimo’s Data Breach Monitoring tool helps to significantly reduce risks, protect your customer data and avoid damage to your business reputation. This monitoring tool can detect when your site has been compromised and immediately alerts Vaimo and yourself to take appropriate action.
Our easy-to-use tool detects data breaches in real-time and on your behalf—saving your business from long-lasting breaches, irreversible reputation damage and lost revenue. Investing in your employees’ education is crucial, but adding in a monitoring tool provides automation at scale.
Here are just some of the benefits of the tool to help keep your business safe from hackers:
- Reduce detection times from days, weeks or months to minutes
- Eliminate threats immediately after detection
- Comply with national and international legislation
- Safeguard your reputation and your customers’ trust
Our tool protects your business no matter what industry you’re in or what eCommerce platform you’re running on.
Speak to our dedicated Data Breach Monitoring team today to hear about implementing the tool on your site.