If your IT systems have been compromised, it’s likely because of an error made by one of your employees.
The unfortunate fact is that as many as 59 per cent of cyber security breaches, which can be a disaster for businesses, are caused by an employee mistake.
A common cause of data breaches is an employee accidentally sending information to the wrong person. Other causes include social engineering, poor internet security practices and poor password practices.
The consequences of employee errors can be far reaching. Data and systems can be compromised, information can be stolen, money can be stolen, a company can become exposed to legal action, reputational damage can take place and the organization could be crippled and rendered unable to operate for an extended period of time while the incident is dealt with.
Common reasons for mistakes include:
Not paying close enough attention
Your employees are busy trying to do their jobs. While they are in a rush to complete tasks, they can miss important details, for example failing to realize that an email they are responding to is actually a phishing attempt, or that an email attachment could contain a virus.
Failing to understand the importance of cyber security
Some employees can take a blasé approach to cyber security, believing that policies, procedures and protocols designed to protect the organization’s data are overly bureaucratic and only serve as a barrier to faster ways of conducting their work.
This could include sharing passwords or using unsecured servers to share files and other data.
Poor security practices
There are many ways employees can compromise systems through poor practices. This can include plugging USB drives and portable hard drives of questionable origin into company computers, clicking on suspicious links in emails or failing to keep company IT and communications equipment, such as laptops, cell phones and tablets, secure.
Poor password protocols
When password protocols lack complexity, passwords become far too easy to guess, crack or compromise. Ironically, one of the measures that is meant to make passwords more robust – an enforced set of guidelines around complexity – can overwhelm staff, who find it difficult to remember these complicated passwords. It can result in things like passwords being written down and left near a computer, or the same password being used on multiple sites.
Device management issues
Many employees are able to carry out their work on devices they supply themselves under their company’s BYOD (bring your own device) policy. This can create issues when employees have software intended for personal use sitting alongside sensitive corporate information. The risk of company data being inappropriately shared or accessed because of this is quite high.
A study from Kaspersky found that around 54 per cent of businesses had data exposed because their employees had lost devices.