The problem with data loss is you!
World Backup Day 2024 came and went, but the ever-increasing potential for data loss remains ominous. According to Statista, data breaches exposed more than eight million records worldwide in the fourth quarter of 2023. For every organization there should be no doubt: it is not a question of if, but when.
Amid the fortress of technological advancements and security protocols, a glaring vulnerability persists, lurking in every corridor of every organization.
According to Verizon’s 2024 Data Breach Investigations Report, a whopping 74% of breaches can be traced back to what they call the “human element.” These breaches span a spectrum of human-induced errors, from devious social engineering tricks to accidental missteps and misuse of privileged information.
IBM’s 2023 Cost of a Data Breach Report paints a bleak picture, revealing an all-time high in the cost of data breaches, which skyrocketed to an average of $4.45 million in 2023. The consequences are multifaceted. In addition to legal complications and hefty fines, data breaches also cause irreparable damage to a company’s reputation, eroding consumer confidence and triggering regulatory scrutiny – a nightmare scenario for any business.
Chances are we’ve all fallen prey to one or more of the human errors that contribute to data loss: accidentally deleting or misplacing files, sending an email to the wrong person, leaving computers unlocked while getting coffee, accidentally passing information on to third parties – the list is endless. Staying alert and focused 100% of the time is a difficult task. After all, we are only human.
However, the consequences remain terrible. In this article, we dive into the top five human errors in data management that pave the way for data loss – and what organizations can do to protect themselves.
Ann Keefe is regional director for Great Britain and Ireland at Kingston Technology.
1. Ignoring software updates and security patches
The lure of convenience often causes individuals to become complacent, promoting a laissez-faire attitude toward software maintenance. Whether it’s due to forgetfulness or a misplaced sense of invulnerability, ignoring updates can have serious consequences. Failure to install patches provides an open invitation for malicious actors to exploit vulnerabilities. Without robust backups, recovering lost data becomes an uphill battle.
By taking a proactive stance on software maintenance and staying up to date on security advisories, organizations can strengthen their defenses and inoculate themselves against potential threats.
2. Poorly managed accounts with high privileges
Only 38% of organizations update admin passwords quarterly; the rest do so annually or even less frequently, according to The Netwrix 2018 IT Risks Report. However, high-privilege accounts have significant power, and the laxity surrounding them makes them prime targets for attackers. Malicious actors can use compromised administrative credentials to bypass access controls on various resources or IT systems and gain access to a company’s sensitive data.
Implementing the principle of least privilege across all accounts and systems whenever possible is a critical preventative measure. It can help minimize accidental deletions and prevent ransomware attacks from spreading across a network. Any temporary privileges that are granted should be monitored in real time so that suspicious activity is handled promptly. Additional layers of protection include setting up separate administrator and employee accounts, upgrading email security with encryption and sensitive data detection, and implementing two-factor authentication.
3. Inadequate password practices
In the Psychology of Passwords Report, LastPass found that 59% of people use the same password for every account, which increases the risk of credential compromise. Some users still rely on easy-to-guess passwords, such as “password” or “123456.” Even robust passwords are not immune to compromise, especially if they are shared with colleagues or stored in unsecured documents or devices.
IT professionals are not immune to human error either. In its 2022 Password Decisions Survey, Bitwarden found that 53% use email to share passwords with colleagues, and according to The 2020 State of Password and Authentication Security Behaviors Report from The Ponemon Institute, 42% of organizations rely on sticky notes for password management. Even more alarming, Keeper Security found in its 2021 Workplace Password Malpractice Report that 44% of employees say they use the same login credentials for both personal and work-related accounts.
In addition to regularly changing passwords and using a password manager, employees should be equipped with training to ensure they understand the consequences of poor password security. Organizations should also include security reminders during login processes.
4. Allowing unauthorized access to company-issued devices
Blurring the boundaries between the personal and professional spheres introduces a host of security issues. Statista found that up to 20% of UK employees gave friends and family members access to their company-issued devices in 2021. While allowing someone to quickly check their email may seem harmless, these types of actions open the floodgates to potential malware attacks, compromising sensitive data in the process. While friends and family are unlikely to intentionally snoop for sensitive data, they can easily inadvertently download malware that can gain access to corporate data, cloud applications, and storage.
Companies should establish clear policies regarding device usage. For example, Kingston Technology’s encrypted USB drives and SSDs are a great solution for remote or traveling workers who need access to sensitive corporate data. All devices should also be equipped with necessary security measures, including screen locks, two-factor authentication, application blacklists and remote wipe solutions.
5. Succumbing to phishing or social engineering attacks
Phishing and social engineering attacks are widespread, and research shows that 98% of cyberattacks abuse these tactics. Hackers use deceptive emails, often disguised as coming from legitimate sources, to trick users into disclosing sensitive information, clicking malicious links or opening infected attachments that download malware. A typical lure is a notification to reset a password or to view a file shared by a colleague. When these attacks are used to deploy ransomware or other types of malware, they can cause permanent data loss. Despite the increasing awareness of these threats, many people still fall victim due to a lack of cybersecurity caution and training.
It is crucial to train employees regularly and continuously. No amount of training or preparation can prevent all accidental data loss, but developing and regularly testing a comprehensive business continuity plan can significantly reduce the risk.
Last words
In the digital age, data loss is not only a technological problem, but also a deeply human problem. Errors are inevitable and data loss due to human error is an unfortunate reality that every business must prepare for.
With ransomware attacks on the rise, regular backups are the most effective way to prevent permanent data loss due to human error, along with employee training and stricter access controls. Hardware-encrypted solutions provide more robust and comprehensive data protection than software-based options for true ‘password protection’ of critical files. Recognizing the role of human behavior in vulnerabilities and taking proactive, people-centered security steps can give organizations a fighting chance when – not if – the time comes.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro