Cyber attacks and data breaches are on the rise, and it’s easy to believe they’re all caused by criminal hackers out for financial gain. However, this isn’t the case. Last quarter, it was found that four of the five leading causes of data breaches stem from human or process error.
The failure of staff to follow workplace security regulations, together with criminal hackers finding more ways to exploit members of staff, is a growing problem.
Staff can cause data breaches in a number of ways, but there are a few that have become particularly common.
Employees can misuse their organisation’s data deliberately or accidentally, but either way the effect is negative.
Data is often taken by insiders looking to profit from it. They can do this by snooping through company data, taking it to a new employer or starting a rival company.
Former employees can also become malicious, and look to get revenge on the company. A CIO survey found that 20% of organisations have experienced a data breach caused by a former employee. Much of this is because companies fail to follow basic security measures when it comes to employee provisioning and deprovisioning.
Phishing scams target and attempt to trick staff into handing over company data, typically through emails that appear to come from a trustworthy source. The emails try to get targets to reveal sensitive information, such as usernames, passwords or financial details, and might also try to install malware through a malicious link or attachment.
In May 2017, it was found that one in every 2,998 emails was a phishing email. Phishing emails are not always easy to detect, which is why they have become such an effective way for criminal hackers to gain access to company data.
Organisations often do not set enough requirements for company passwords, which leaves those passwords weak and easy to hack.
A study carried out by OneLogin found that only 31% of companies require employees to change their password monthly, and 52% admitted that staff were only required to reset their password once every three months.
This becomes more of a problem when the same password is used for multiple accounts, making it easy for a criminal hacker to gain access to company data.
Another issue is that passwords are often shared with other staff members, defeating the point of having a password at all. Passwords should be kept secret and never be shared with colleagues.
Staff can easily undermine your organisation’s cyber security. They need to understand and comply with your cyber security rules and regulations. If not, they will inevitably cause a data breach.
A cyber health check will help identify your weakest security areas and recommend appropriate measures to mitigate your risks. One aspect is an online staff questionnaire, the results of which will be analysed to gauge your staff’s cyber security awareness.
The cyber health check will provide you with a detailed report on your current cyber risk status and critical exposures, and will draw on best practice, such as ISO 27001, 10 Steps to Cyber Security and Cyber Essentials, to provide recommendations for reducing your cyber and compliance risks.