Malicious attacks remain the number one source of data breaches notified to the Office of the Australian Information Commissioner (OAIC) in the past six months. While over a third of all reported breaches related to human error, increasing from 34 per cent to 38 per cent between July and December. the question remains, could you or your employees be putting your data at risk? asks Leo Lynch, Director, Asia Pacific, StorageCraft.
Whether we are talking about massive organisations or small businesses with in-house systems, nothing is safe anymore. Human error, hackers, or system failures can cause chaos in the enterprise. It can be as simple as sending an employee sending information to the wrong recipient via email, accidentally deleting a critical file—or an entire database of mission-critical information. These seemingly small incidents can add up and potentially cripple a business.
Human error and data breaches
In a recent independent survey commissioned by StorageCraft, 41 per cent of ANZ IT decision-makers reported that they were most concerned about human carelessness such as weak passwords potentially causing data loss.
For IT admins and business owners, having a fail-safe backup solution for your critical systems is not negotiable. The data-loss problem is even more prevalent in the current and post-COVID world, as millions of people work remotely. Moving employees, their computers, and their data from a secure office environment to a less-secure home environment present a wide range of unintentional data-loss risks.
The reality is that employees will continue to make mistakes. They’re only human, after all.
Here are five ways that businesses can protect themselves against data loss resulting from human error.
#1: Promote good data-backup habits
With so many employees working remotely, it’s harder for businesses to manage backups and store data on the corporate network. Encourage employees to be responsible and back up their data regularly. If they store data on a local flash drive inserted into their laptop, they should back it up to the cloud or another hard drive. If employees store their data primarily in the cloud, they should be sure to have another copy somewhere offline.
#2: Encourage stringent cyber hygiene
All employees, especially those working at home, need to be regularly reminded to update the software on their devices and to enable all available security features, such as firewalls and anti-malware. Failing to install updated software and security patches is a well-known employee misstep that creates the gap for malware and ransomware to seize on.
#3: Limit the number of files employees can access
Employees should only be able to access data and folders based on the principle of “least privilege.” This is the concept of only giving employees enough access to perform their required jobs. Least privilege can prevent workers from accidentally deleting or corrupting files they should never have had access to in the first place. Enforcing the least privilege can significantly reduce the risk caused by human error.
#4 Establish a Backup and Disaster Recovery Plan
Most businesses have data backups, but few have a plan for restoring data should something go wrong. Be sure your team has established recovery objectives. That helps your business determine RTOs (recovery time objectives) that define how quickly systems must go back online if there’s an issue. It also establishes how much data your business can stand to lose if there’s a hardware failure, ransomware, or another issue (RPO or recovery point objectives). These metrics help your team develop a strategy that keeps downtime and data loss costs to a minimum.
#5. Test Your People and Systems
Consider regular testing once your network is in tip-top shape. This includes network vulnerability testing, testing backups, and testing employees. That could include sending fake phishing emails or even hiring companies to conduct mock social engineering scams. Whatever the case, testing should be a regular part of your security strategy.
While people are often the weak link in the security chain and inevitably make mistakes, businesses can limit data loss with the right strategies and processes in place.
Now read this