Professional Documents
Culture Documents
5 Preventable Human Errors That Leave Your Company Vulnerable To A Cyberattack
5 Preventable Human Errors That Leave Your Company Vulnerable To A Cyberattack
Human errors take many forms and shapes and are often, at least
partially, the source of accidental data breaches and successful
cyberattacks. Here are five of the most common types of errors
employees make and how companies can protect their users and
IT systems.
Small business owners have a lot on their plate, including finding ways to protect their
data and IT systems from hackers and scammers. Surprisingly, the most effective way
to deal with malicious outsiders might well be to pay closer attention to what's
happening on the inside of your business.
A recent ComputerWeekly survey that polled security experts reported that 55 percent
said their organization had suffered a cyberattack. Of those who said their company was
victim to a cyberattack, 84 percent could trace back the attack, at least in part, to
internal human errors.
Hence cybercriminals rarely succeed in executing fraud on their own and rely on
deceitful tactics to dupe targets and push them to act irrationally. In other cases, the
responsibility falls entirely on insiders' shoulders who inadvertently disclose
confidential details in emails and other communications.
1
In both cases, human errors may go unnoticed for weeks or months while the
probability that disastrous consequences will occur – e.g., broken consumer trust,
expensive lawsuits, and bankruptcy – is slowly and silently increasing.
So what are the most common types of human errors taking place in small companies
and how can business owners prevent them? Let's take a closer look.
Over, let's say, a week or a month, imagine that the file has been confusingly renamed,
edited, duplicated or replaced by something else and transmitted mistakenly. If you're
lucky, an incorrectly attached document doesn't contain anything to worry about; if
you're not fortunate, it could be the beginning of a very bad data breach.
What happens next is hard to predict. Unintended recipients may let you know that they
should not be included and ask to be removed from the email thread. Or they could
decide to say nothing and gather information for their own profit.
It represents a golden opportunity for cybercriminals who can take advantage of poor
password-setting and resetting practices to break into IT systems, steal data and
conduct fraud. And it works: 81 percent of hacking attacks performed are due to stolen
and/or weak passwords according to Verizon's 2017 Data Breach Investigations Report.
However, this creates potential risks for both data and hardware from a cybersecurity
standpoint. A member of your staff may, for example, leave his or her devices
unattended while quickly getting lunch or a coffee, offering a window of opportunity for
cybercriminals to strike.
3
• Stressful situations, e.g., when a deadline is approaching or after prolonged
periods of mental strain
• Lack of awareness about the dangers of cyberthreats and how to identify and stop
them
• A poor security tech stack, with IT security systems failing to detect abnormal
activity
All employees play a role in keeping small businesses safe, and they should be aware of
it. Drafting security guidelines on acceptable and dangerous behaviors regarding, among
other things, the use of passwords and what data can be stored on private devices is a
good start.
You may also find it useful to create an informal newsletter that contains some high-
profile cases of human errors so your staff learns more about common mistakes.
It has become much easier and cheaper to keep track of how devices are used outside
the office and enforce best practices in security. For instance, you can require employees
to go through an additional authentication step if they want to access emails on their
phone. Additionally, you may install a mobile device management software application
that allows you to wipe hardware that was lost or stolen.
Everyone in your business might be fully aware of the dangers of human error, but staff
members may still let their guard down when the pressure is high.
You can use technology to flag situations where potential errors are likely to occur, e.g.,
large recipient lists, attachments containing credit card or Social Security numbers,
senders using spoofed email addresses and weak or inexistent passwords.
4
Bottom line
While many cyberattacks originate from the outside, there is often one or more
human errors at play that result in a data breach or financial loss. Business
owners can combine awareness, device management, and technology to safeguard
customers, employees, and other stakeholders.
5
We Are Purch
Purch is a rapidly growing, constantly evolving digital content and services company that helps millions
of people make smarter purchases. We bring together 350 employees from around the globe who share a
commitment to serve our customers with integrity, collaborate to deliver better results, and shape the
future of digital publishing.