Human Error: Understand the IT Threat
With over 90% of all cyber security breaches due to human error, it’s safe to say that mistakes in the workplace are more than costly. So what mishaps are your end users making, and what exactly are the repercussions to your organization?
Many of the successful security attacks from external attackers who are preying on human weakness, waiting patiently for employees to be lured into providing access to sensitive information. Their human errors can be incredibly costly, especially since the insiders involved have access to a host of sensitive data.
One of the greatest impacts of a successful security breach is the exposure of this kind of information, loss of intellectual property and the infection of malware.
The Threat of Human Error
One of the most common mistakes made by employees, is sending sensitive documents to unintended recipients. This is relatively easy to solve when deploying security controls to monitor sensitive information being leaked from your organization.
These controls were once considered complex to deploy, but have now been made considerably easier to implement by vendors in recent years. This has dramatically reduced the level of user involvement required and increased the use of such controls.
These tools can also:
- Prevent users from engaging in inappropriate behavior
- Eliminate sending documents home via email, placing them on file-sharing sites or removable media such as USB sticks
See how the growing culture of bring-your-own-device (BYOD) exposes additional major concerns, especially with the risk of lost or stolen mobile devices. Again, technology vendors are available to help companies control what happens to data stored on such devices, even allowing sensitive data to be remotely wiped – so that it doesn’t fall into the wrong hands.
Even the most trusted and highly skilled employees run major risks of human error. System and network administrators are commonly guilty of incorrect system configurations, poor patch management practices and the use of default names and passwords. There are numerous security controls that organizations can explore to guard against these types of threats.