IBM has conducted studies into cyber breaches that have occurred in over 130 countries. Those studies corroborate the root contributing factors behind those breaches. The breaches across all of the studied countries had one common element: human error. “Human error was a major contributing cause in 95% of all breaches,” according to the IBM Cybersecurity Index report. IBM further demonstrates that, had human error not been involved, 19 out of the 20 breaches that were analyzed would never have occurred. This is a reality that is commonly ignored, or treated as a low priority, by many businesses.
Now that you know the alarming percentage of cyberattacks that are largely due to human error, you have the opportunity to take the power back and resolve this issue. Some questions you should now be asking yourself are: When was the last time I had a cybersecurity discussion with my employees? Better yet, when was the last time I tested my employees on their cybersecurity awareness?
Although awareness is a great foundation for a good cybersecurity structure, awareness is not the only key objective here. Another key objective is to train your employees to truly understand that a one-second error could lead to a devastating monetary loss or a company shutdown. Think of how easy it is to text or e-mail the wrong individual by typing one wrong key. Let’s be honest, it has happened to everyone at least once. Think of the information you just unintentionally released to someone. What if the recipient happened to be a threat actor, or does not follow the same cybersecurity practices that you do? You could communicate with your employees as much as you can, but do you have high confidence that they truly understand proper cybersecurity hygiene?
Sufficient cybersecurity training involves not just good password practices but also numerous incident-based practices. A good training module should be interactive. Because some of the employee errors that can occur are skill- and decision-based, practicing real-life scenarios can be more beneficial. Another factor to keep in mind is your work environment and culture. If you work in an open space with many distractions, you only increase the probability of an employee making an error through a mistake or negligence. Try limiting the inner-office activity to lower this likelihood. Email mis-delivery is a common mistake that can happen to anyone; however, if you are in a specific job setting, such as a law firm where confidentiality is a main focus, then you should be setting this bar high. A physical factor to also consider is information left out in the open that you do not want others exposed to. Try to limit the exposure, because if for any reason an authorized individual accesses more than they should, you could be endangering your entire business. Remember, the overall goal is to limit or remove any opportunity, environmental, and lack-of-awareness issues by providing your employees with a full understanding of good cybersecurity practices.
Do not underestimate human error. Instead, make it one of your top priorities, because it is in your control.