All humans make mistakes. Human errors take many forms and shapes and are often, at least partially, the source of accidental data breaches and successful cyberattacks.
In this day and age, IT security is as important to businesses as the physical security of their office building. However, even if you have the right security software and monitoring in place, you may still be overlooking the biggest threat of all to your IT security: human error.
These days business owners have a lot on their plate when it comes to cyber-security, such as protecting business data and IT systems from hackers and scammers. The most effective way to deal with these outsiders might be to pay closer attention to what’s happening within the business.
Human errors can go unnoticed for weeks or months while consequences occur. So how do we stop these types of human errors taking place in the business? Below we look at the most common types of human error and address how to minimise the risk of each.
Sending wrong attachments
What are the odds that sensitive attachments could fall into the wrong hands? Think about how many documents are repetitively sent, received, forwarded and stored by each department in your business. Multiply this number by the number of recipients in your contact list and annual work days, and it's going to be a lot.
Over, let's say, a week or a month, imagine that the file has been confusingly renamed, edited, duplicated or replaced by something else and transmitted mistakenly. If you're lucky, an incorrectly attached document doesn't contain anything to worry about; if you're not fortunate, it could be the beginning of a very bad data breach.
It is always worth checking, and rechecking, that any attachment you send is suitable for all of the recipients of an email.
Adding the wrong recipients to an email
Autocomplete is a double-edged sword. Some users cannot live without their autocomplete information. The ability to select recipients after typing one or two characters saves time, but that functionality can also cause a user to include someone with a similar name and email address (e.g., email@example.com, firstname.lastname@example.org, or email@example.com) in an email with information they should not be privy to.
What happens next is hard to predict. Unintended recipients may let you know that they should not be included and ask to be removed from the email thread. Or they could decide to say nothing and gather information for their own profit.
Again, check and double-check before sending an email that all the recipients are suitable to consume the content of both your email and any documents that are attached.
Creating weak passwords
Weak passwords represent a golden opportunity for cybercriminals, who can take advantage of poor password-setting and resetting practices to break into IT systems, steal data and conduct fraud. And it works: most hacking attacks performed are due to stolen and/or weak passwords.
Avoid using the same password for different websites or applications. Never disclose your password to anyone. Change your password frequently. Multifactor authentication can also help to resolve these issues and should be deployed wherever available. Both Office 365 and Lucidity's Managed Desktop offer multifactor authentication. More information can be found on our Password Management blog.
Lost or stolen devices
Laptops, smartphones, and BYOD initiatives have empowered today's workforce to be increasingly mobile. That's great for businesses, which can then reduce office and administrative costs while providing employees with the flexibility to work offsite.
However, this creates potential risks for both data and hardware from a cybersecurity standpoint. A member of staff may, for example, leave his or her devices unattended while quickly getting lunch or a coffee, offering a window of opportunity for cybercriminals to strike.
Deploying Mobile Device Management is a great way to protect your business from unintended loss of a mobile device. This can lock down a device quickly and effectively, so that no data can be retrieved from it.
Falling into a phishing trap
Phishing scams are designed to trick people into providing valuable information. The most common type of phishing attack a business might experience is an email scam. Users receive an email that appears to be from a legitimate source like the Post Office, a bank or IRD, but the real motive of these emails is to trick people into providing information or installing malicious software.
If you have received an unexpected email asking for bank account details or any personal details, or containing any unidentified attachment, do not act on it. If you are unsure what to do, raise it with your IT company, who can provide guidance.
Vulnerable Document Processes
With the number of documents that flow through a company daily, there are probably very few pieces of information that are not confidential. Printing, storing, and sending confidential documents poses yet another security risk to any business.
Printers are so ubiquitous that many companies don’t realize they are also a security risk. Today’s printers are advanced, and many are fully-fledged networked computers that are also vulnerable to cyber-attacks—especially if they are not properly updated with the latest security patches.
While data theft is a real possibility with printers (security measures like encrypted connections and properly destroying printer hard drives should always be implemented), users' printing behaviour poses just as much risk. Here are some document-related employee habits that could be dangerous to your business:
- Printing out sensitive information and leaving it sitting around
- Leaving filing cabinets unlocked or otherwise accessible
- Storing documents in multiple locations such as in paper files and on the company server or a remote server
- Being careless about who has access to files with sensitive information
Reviewing file and folder permissions on a regular basis will also help businesses avoid unnecessary security risks.
There are a lot of things to consider when ensuring your business is fully protected from cyber-attacks. A good cyber-security posture takes into account not only technology, but also whether best practices are followed by your users. Lucidity can provide both the technology to protect your business, and the consultation skills to provide the best practice policies for your users.