Data breaches often happen because of employee error and carelessness about following security protocols.
The top cybersecurity risk to U.S. businesses is not what most people might think. It isn’t hackers that cause the most data breaches, although they may take advantage of lapses. According to a new study, it turns out that the top cybersecurity risk to U.S. businesses is employees who make errors and don’t follow cybersecurity protocols.
Many Businesses Compromised by Employee Error
Nearly half of the small business executives surveyed by information security company Shred-it said that human error had caused a data breach at their business. While many of the data breaches may have been small or minor ones, they all had the potential to be costly and undercut the business’s goals and objectives. Sometimes even the smallest error or breach can open up an entire system to breaches and even shutdowns that can cripple the entire operation.
“The study’s findings clearly show that seemingly small habits can pose great security risks,” said Shred-it vice president Monu Kalsi.
Negligence by employees can result in several types of breaches, Shred-it discovered when they looked at the state of business cybersecurity. Many employees don’t use strong enough passwords and leave private information unsecured on servers and PCs both at the office and at home when working remotely. Even just walking away from your computer at work or in a remote location could expose private information and allow unauthorized access.
Taking notes at a meeting, during an online training or even just during the course of normal work on a computer could expose private data if those notes are left lying around or carelessly tossed in the trash. Those notes may contain sensitive information that could fall into the wrong hands, causing a breach. Printed documents can also end up causing damage if they aren’t disposed of properly.
Taking notes about sensitive information could lead to a data breach if the notes are not kept secure.
Working from home or, worse, from a public location like a coffee shop or bookstore, poses more risks than office work because of the often lax security that remote workers observe. While most people know at this point that a public or unsecured home network can be accessed by hackers fairly easily, they seem to think that it won’t happen to them, and it’s just so convenient to work remotely.
Using external vendors for services can also increase the risk of a data breach since it is often impossible to ensure that the vendors are maintaining the level of security needed to prevent a breach. The realities of today’s business climate have made remote workers and external vendors necessary, and measures can be put in place to ensure that data is not compromised.
Most employees are trained about security protocols and how to protect data from breaches, but it may be worthwhile to extend training in this area, making it repetitive but not boring in order to increase the level of employee engagement and retention around security issues. Reducing the employee error rate could have major implications for businesses’ security and could prevent many of the data breaches that now occur.
PC AGE offers training courses, including cybersecurity training, that prepare students to help companies be more secure and prevent costly data breaches. Request info on all our courses and programs to see how you can develop the skills you need for an IT career.