
5 Preventable Human Errors That Leave Your Company Vulnerable to a Cyberattack

Human errors take many forms and shapes and are often, at least
partially, the source of accidental data breaches and successful
cyberattacks. Here are five of the most common types of errors
employees make and how companies can protect their users and
IT systems.

Small business owners have a lot on their plate, including finding ways to protect their
data and IT systems from hackers and scammers. Surprisingly, the most effective way
to deal with malicious outsiders might well be to pay closer attention to what's
happening on the inside of your business.

A recent ComputerWeekly survey that polled security experts reported that 55 percent
said their organization had suffered a cyberattack. Of those who said their company had
been the victim of a cyberattack, 84 percent could trace the attack back, at least in
part, to internal human errors.

Cybercriminals rarely succeed in executing fraud on their own; they rely on
deceitful tactics to dupe targets and push them to act irrationally. In other cases, the
responsibility falls entirely on insiders who inadvertently disclose
confidential details in emails and other communications.

In both cases, human errors may go unnoticed for weeks or months while the
probability that disastrous consequences will occur – e.g., broken consumer trust,
expensive lawsuits, and bankruptcy – is slowly and silently increasing.

So what are the most common types of human errors taking place in small companies
and how can business owners prevent them? Let's take a closer look.

1. Sending wrong attachments


What are the odds that sensitive attachments could fall into the wrong hands? Think
about how many documents are repetitively sent, received, forwarded and stored by
each department. Multiply this number by the average number of recipients in your
contact list and annual work days.

Over, let's say, a week or a month, imagine that the file has been confusingly renamed,
edited, duplicated or replaced by something else and transmitted mistakenly. If you're
lucky, an incorrectly attached document doesn't contain anything to worry about; if
you're not fortunate, it could be the beginning of a very bad data breach.

2. Adding the wrong recipients to an email


Autocomplete is a double-edged sword. The ability to select recipients after typing one
or two characters saves time, but that functionality can also cause a user to include
someone with a similar name and email address (e.g., jane.smith@abccompany.com,
jim.smith@abccompany.com, and jane.smith@abdcompany.com) in an email with
information they should not be privy to.

What happens next is hard to predict. Unintended recipients may let you know that they
should not be included and ask to be removed from the email thread. Or they could
decide to say nothing and gather information for their own profit.

3. Creating weak passwords


Have you ever felt like it would be easier to use the same password everywhere?
Likewise, your employees might do this for convenience.

This is a golden opportunity for cybercriminals, who can take advantage of poor
password-setting and resetting practices to break into IT systems, steal data and
conduct fraud. And it works: 81 percent of hacking attacks are due to stolen
and/or weak passwords, according to Verizon's 2017 Data Breach Investigations Report.

4. Lost or stolen devices


Laptops, smartphones, and BYOD initiatives have empowered today's workforce to be
increasingly mobile. That's great for small business owners who can then reduce office
and administrative costs while providing employees with the flexibility to work offsite.

However, this creates potential risks for both data and hardware from a cybersecurity
standpoint. A member of your staff may, for example, leave his or her devices
unattended while quickly getting lunch or a coffee, offering a window of opportunity for
cybercriminals to strike.

5. Falling into a phishing trap


Is it still even possible to spot fraudulent emails nowadays? Forty-eight percent of small
businesses report being the victim of phishing or social engineering scams in 2017, and
hackers always seem to be one step ahead. As a result, employees are prone to make a
cybersecurity faux pas – downloading and opening a malicious attachment, clicking on a
suspicious URL or not checking for spoofed email addresses and inadvertently revealing
data.

How can small businesses prevent human errors?


Before addressing solutions, let's examine the circumstances in which human errors are
most likely to happen. These include:

• Stressful situations, e.g., when a deadline is approaching or after prolonged
periods of mental strain

• Multitasking; employees with multiple job responsibilities may get overwhelmed
faster

• Lack of awareness about the dangers of cyberthreats and how to identify and stop
them

• A poor security tech stack, with IT security systems failing to detect abnormal
activity

Build a cybersecurity culture

All employees play a role in keeping small businesses safe, and they should be aware of
it. Drafting security guidelines on acceptable and dangerous behaviors regarding, among
other things, the use of passwords and what data can be stored on private devices is a
good start.

You may also find it useful to create an informal newsletter that contains some high-
profile cases of human errors so your staff learns more about common mistakes.

Manage devices proactively

It has become much easier and cheaper to keep track of how devices are used outside
the office and enforce best practices in security. For instance, you can require employees
to go through an additional authentication step if they want to access emails on their
phone. Additionally, you may install a mobile device management software application
that allows you to wipe hardware that was lost or stolen.

Install error-prevention applications

Everyone in your business might be fully aware of the dangers of human error, but staff
members may still let their guard down when the pressure is high.

You can use technology to flag situations where potential errors are likely to occur, e.g.,
large recipient lists, attachments containing credit card or Social Security numbers,
senders using spoofed email addresses and weak or nonexistent passwords.
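
As an added illustration (not code from the article or from any product it describes), here is a minimal pre-send check covering three of the situations above: large recipient lists, look-alike recipient domains such as the abdcompany.com example, and attachment text containing card or Social Security numbers. The names `OWN_DOMAIN`, `MAX_RECIPIENTS` and `check_outgoing`, and the thresholds, are assumptions chosen for the example.

```python
import re
from email.utils import getaddresses

OWN_DOMAIN = "abccompany.com"  # assumption: sender's domain, from the article's example
MAX_RECIPIENTS = 20            # assumption: what counts as a "large" recipient list

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")   # 13-19 digits, optional separators
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")     # US SSN written as NNN-NN-NNNN

def luhn_ok(digits):
    """Luhn checksum: filters out most random digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def edit_distance(a, b):
    """Levenshtein distance, used to spot domains one or two typos from our own."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_outgoing(recipient_headers, attachment_text):
    """Return a list of warnings to show the sender before the message leaves."""
    warnings = []
    addrs = [a.lower() for _, a in getaddresses(recipient_headers) if "@" in a]
    if len(addrs) > MAX_RECIPIENTS:
        warnings.append(f"large recipient list ({len(addrs)})")
    for addr in addrs:
        domain = addr.rsplit("@", 1)[1]
        if domain != OWN_DOMAIN and edit_distance(domain, OWN_DOMAIN) <= 2:
            warnings.append(f"look-alike domain: {addr}")
    for m in CARD_RE.finditer(attachment_text):
        if luhn_ok(re.sub(r"\D", "", m.group())):
            warnings.append("possible card number in attachment")
            break
    if SSN_RE.search(attachment_text):
        warnings.append("possible SSN in attachment")
    return warnings
```

A domain comparison cannot catch the jane.smith/jim.smith mix-up inside the same company; that case needs a confirmation prompt or recipient-history check instead.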

Bottom line
While many cyberattacks originate from the outside, there are often one or more
human errors at play that result in a data breach or financial loss. Business
owners can combine awareness, device management, and technology to safeguard
customers, employees, and other stakeholders.

We Are Purch

Purch is a rapidly growing, constantly evolving digital content and services company that helps millions
of people make smarter purchases. We bring together 350 employees from around the globe who share a
commitment to serve our customers with integrity, collaborate to deliver better results, and shape the
future of digital publishing.

To view more content like this, visit www.business.com

To learn more about Purch, visit www.purch.com/about/
