People make mistakes; it’s true in the larger scope of life and it’s true in matters of online security. In fact, a staggering 90% of online data breaches in 2019 were caused by human error, according to the CybSafe analysis of information from the UK Information Commissioner’s Office. This figure increased from 61% in 2017 and 87% in 2018, according to the same report. Shred-it’s 2018 State of the Industry Report further identified employee oversight as the top security issue for businesses in the United States, with 84% of C-suite executives and 51% of small business owners expressly stating employee negligence as their top online security risk concern.
In light of the global pandemic and the ensuing outbreak of online attacks, the role of human error is a major concern for businesses. With experts predicting ever more creative data breach trends by the close of 2021, it’s vital to focus on man-made mistakes: both how to mitigate their effects and how to keep them from occurring in the first place.
A few common human errors in online security include the following examples:
- Coworkers sharing their login details with each other
- Employees leaving mobile phones, laptops, and computers containing sensitive work data unattended
- Employees leaving login details in open places or in unsecured tools (for example, on a Post-it on their desk, or virtually in the Notes app on an unlocked device)
- Employees using weak login details, such as “admin123” for a password
- Employees opening and/or responding to suspicious emails
Security Training for Employees
Human error commonly ensues from a number of factors, such as a lack of knowledge, a desire to save time, weak internal processes, distractions, and good intentions with negative outcomes. It’s a familiar scenario where an employee shares their login details with a coworker for efficiency, or a well-intentioned employee in a rush replies to an email that SEEMS to come from upper management. Hackers utilize these common lapses in judgment to their advantage, especially with the added distractor we know as Covid-19. With people’s attention turned elsewhere, hackers are busy developing new ways to expose sensitive data and steal login details.
How can business owners reduce the threat of human mistakes in their business?
Create a Culture of Online Security
Consider how to mindfully build and nurture a security-first culture that engages all employees and allows everyone to share responsibility for the security of their workplace. Prioritize online security by instilling an urgency around the topic from the very start for all employees. Encourage and incentivize your employees to follow security measures and create an openness around the concept of information security.
Onboarding gives you a great opportunity to foster good habits around security from the start, but don’t stop there. A culture of online security should be nurtured regularly over time, through routine meetings, open discussion, training, and by making it easy for employees to ask questions about security. A good idea is to designate security officers in your company who can lead others on security issues, be a point of contact, and create regular security-related activities.
Host Regular Security Trainings for Employees
While it may seem like an obvious measure to implement, with the exponential growth of data breaches, it’s vital to hold regular security workshops — not just one.
Teaching your employees about security basics, such as how to create strong passwords and keep their login details safe, or providing them with relevant tools, will give them what they require to make better-informed choices during their workday. Create a format for the training by prioritizing topics relevant to your employees and your business sector, and strive to keep the workshop engaging (not just an hour-long lecture, or a security training manual that will gather dust in desk drawers). Online security training needs to provide employees with value they can recognize.
A suitable topic could be analyzing recent data breaches in your industry with your staff and discussing what went wrong and how it could have been avoided. Implement social interaction in your training by providing interactive workshops that allow your employees to get hands-on with online security.
Quiz Your Employees
No one loves an exam, and you won’t necessarily win any popularity contests by testing your employees on security. Nevertheless, it’s important to understand how your employees will put their knowledge to use during a perceived online attack on your business. The priority should not be singling out staff members for their performance, but rather pinpointing the areas where your employees did well and working on areas of weakness.
In most offices, fire drills are a regular occurrence, and online security “drills” should be no less important. A simulated attack will convey the results of your security training and cultural efforts. Based on the results, you can determine which of your endeavors were the most effective and which areas require improvement. Remember to reiterate to employees that the purpose of the drill is growth — not blame.
It’s expected that the reaction to a simulated data breach will not be completely perfect. But by implementing regular “security drills,” your employees will know what to expect when it actually occurs, and how to react appropriately. Every proactive effort helps during a crisis situation.
Build an Appropriate Arsenal of Security Equipment
While all of the above-mentioned efforts will mitigate human error and the aftereffects, you cannot completely eradicate them. After all, making mistakes is an integral part of being human. That’s why it is best to use the right technology to fight back against online attacks and add an additional level of protection.
A multi-tiered method to tighten your online security will provide your business with the most solid security and will make it much more difficult for hackers to breach your systems. Some common tools used to protect eCommerce solutions are best when used collectively:
- Intrusion detection system
- Web application firewall (WAF)
- Content delivery network (CDN) to safeguard against distributed denial-of-service attacks
- Vulnerability scanning assessment
- Log manager system
- Security reporting dashboards
- Weak password detection
- Data loss prevention
Unfortunately, there’s no tool or method that guarantees the safety of your business. New reports show that major corporations, with large security budgets to match, still manage to fall prey to clever hackers. easyJet shared that the records of 9 million customers were exposed by hackers; this is just one example out of many similar high-profile data breaches that continue to emerge daily. But by utilizing the right security tools for your business and developing a security-centric culture in your workplace, you will ensure that you’re doing everything in your power to counter online attacks.
Take a Closer Look at Lokte’s Data Breach Monitoring Tool
Lokte’s data loss prevention tool is designed to significantly reduce security threats, safeguard your customer data, and ultimately, protect the reputation of your business. Our monitoring tool identifies suspicious activity on your eCommerce solution and alerts both us and you to the threat.
Our easy-to-install and easy-to-use tool detects potential threats as they occur and saves your business from long-lasting data breaches, monetary damages, and loss of customer trust. While arming your employees with knowledge and know-how around online security is vital, a monitoring tool provides an automated line of defense.