
Tackling the role human error plays in data breaches


Cyberattacks today are an inevitable occurrence, rather than a mere possibility. Near-daily comes news of another organization seeing its systems taken offline or its data stolen as a result of a cyber intrusion. The nature of modern businesses means that cybersecurity lapses pose a very real threat to their ongoing survival – and preventing those lapses is something that every single employee in an organization has a role to play in.

Thales’ 2024 Data Threat Report revealed human factors are still a major cause of cloud data breaches. Of the IT professionals that were surveyed, 22% stated that human error was the single most concerning threat. Furthermore, 74% placed threats from human error as a key priority. In the last three years, human error has ranked either first or second as the leading source of cyberattacks for enterprises.

With so many cyberattacks coming down to simple human error – and cybercriminals often capitalizing on the human propensity to make mistakes – how can businesses mitigate these people-related risks, and secure their IT infrastructure?

Remote work is an added cybersecurity frontline

Many cyberattacks can start innocuously enough. Phishing emails are one common way – tricking an unsuspecting employee who might have let their guard down into clicking a malicious link, or sharing compromising information such as passwords.

Passwords have had long-running challenges from a security perspective – placing the burden on users, and relying largely on human memory, means the risk of people falling back on using the same memorable passwords across multiple accounts is high. While conventional advice recommends issuing long, complex passwords for professional use, the reality is that this doesn’t happen nearly enough.

Remote working has given many employees welcome flexibility in how they get their jobs done – but at the same time, it does carry additional cybersecurity risks. Employees may be less likely to speak up and raise concerns in a remote environment, or, with their guard down in the familiar surroundings of home, may be more likely to fall victim to a phishing scam. Flexible and hybrid work arrangements are the norm across many industries, but with so much variation in the types of networks employees use to access sensitive documents and data, the likelihood of exposing company data on insecure networks is increased.

The impact of data breaches

Whether operational or financial, the aftermath of a successful data breach can be devastating. Businesses can be brought to a complete halt, not to mention added losses through ransom payments and fines resulting from the breach.

There are also the longer-term impacts on reputation and customer loyalty, with the brand damage resulting from a successful breach often lasting a long time. Customers, suppliers, and partners may also see their stories covered in the media, multiplying the impact.

From awareness to prevention

Reducing the cyber impact from people-related risks is as much a cultural and behavioral change as it is a technological one. Business leaders need to get proactive about building an understanding amongst employees of the role they can – and must – play in protecting both themselves and the organization they work for.

At the same time, any policies that are set also need to account for how people in the organization actually work. If the rules are too strict, employees will look for insecure shortcuts to work around them. Whether it’s the use of personal devices, email accounts, or unauthorized memory storage devices, what the business has as a policy, and what employees end up doing can be very different – and that poses a huge risk.

The human element should be at the forefront of every cybersecurity plan. Employees should be consulted about their preferences when designing protocols, to ensure that there is full accessibility and understanding across all job roles and departments within the organization.

Finally, businesses can also make progress by auditing and changing how they authenticate access to their systems and data. By shifting away from passwords to biometrics, or other stronger and easier-to-use systems like passkeys, businesses can get away from relying on the human memory of their workforce – and the associated risks.

In a world of evolving threats, no business can ever realistically consider itself ‘finished’ with cybersecurity. But by considering the above, leaders will be well on their way to mitigating one of the common ways organizations find themselves breached – and empowering their employees in the process.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro


