When you think of data breaches, the first thing that likely comes to mind is a hooded figure in a dimly lit room plotting the theft of all your valuable data. But according to a study published by CompTIA, it isn’t an unknown hacker that’s most likely to directly cause a breach at your company, but rather your own employees: human error is responsible for 52% of recorded security breaches. More specifically, the most common behaviors that put your firm at risk are employees’ “failure to follow policies and procedures” and “general carelessness.”
IBM’s 2014 Cyber Security Intelligence Index highlights why managers should be concerned: 95% of breaches have the potential to expose sensitive company data. The report blames some common but highly preventable behaviors, including using simplistic passwords, failing to recognize a phishing attack, and misplacing laptops and external hard drives.
At Virginia Tech, human error caused a large breach that was years in the making. Computerworld reports that a server had exposed personal information of job applicants since 2003 because it wasn’t configured to follow the university’s security protocols. IT employees who were hired afterward compounded the problem, failing to notice the security flaw because they assumed the way in which servers had been operated was normal. Approximately 145,000 job application records for the university were exposed.
Mistakes by your vendors’ employees can also cause your data to be exposed. That was the case in the recent Lone Star Circle of Care breach. According to the Statesman (Austin) newspaper, the information of 8,700 people was exposed after a backup file of the data was mistakenly put on Lone Star’s web site by the company it contracted with to operate the site.
One reason employee mistakes are so prevalent is the approach companies take in trying to avoid breaches. SC Magazine reports that businesses rank human error as less of a concern than traditional security threats such as malware and viruses. Businesses are more prepared to deal with direct threats over the Internet than with potential threats that sit right within their offices.
Exposure to human-error risk can be minimized by educating employees about cyber security on a regular basis and by incorporating technological literacy into company culture.
Often breaches go unnoticed until a victim, law enforcement, or another external entity notifies the breached company. Thus, sensitive data can be compromised for a long time before the custodians of the data are even aware of the problem.
Data breaches pose a significant threat to the lifespan of a company. According to the , 60% of small and medium-sized businesses (SMBs) go out of business within six months of a data breach. While this number might seem shocking at first, it makes sense: unlike their larger counterparts, most SMBs don’t have the resources to weather a digital catastrophe, and many have yet to purchase cyber liability insurance.