Why Human Error is Your Biggest Cyber Security Risk

When it comes to cyber security, your business’s biggest risk factor is your own staff. Researchers from Stanford University and a top cybersecurity organization found that approximately 88% of all data breaches are caused by human error. Knowing the risks and learning how to mitigate them can help you better fortify your network.

Datto’s Global State of the Channel Ransomware Report found that phishing emails, lack of training, and weak passwords are some of the top causes of ransomware attacks. If that isn’t concerning enough, ransomware has been increasing. According to SonicWall, almost 200 million ransomware attacks occurred in the first nine months of 2020, representing a large increase over the previous year. If you run an SMB, take note: that same Datto study says two out of five SMBs have fallen victim to a ransomware attack.

One of the biggest risk factors is passwords. In many instances the password is the last line of defence: it is the key that lets users in. The shocking state of password hygiene in 2020 saw SolarWinds suffer a major breach, with part of the blame being laid on this wonderful password: Solarwinds123. Even former US President Trump had his Twitter account hacked when someone guessed his password: MAGA2020. Comparitech says that 63% of network intrusions are the result of compromised user passwords and usernames. Some ways to combat this problem are to insist that staff use password managers to help them store complex passwords, and to adopt multifactor authentication and biometrics.

According to Verizon’s 2020 Data Breach Investigations Report, phishing is the number one type of threat involved in data breaches. Verizon says that 30% of phishing emails in the U.S. are opened, with 12% of those targeted by these emails clicking on infected links or attachments. Those infected links often lead to ransomware. In some cases, those same phishing emails attempt to impersonate an executive in your organization, directing staff to wire company money to an offshore bank account. It is important to ensure your staff are trained to spot a phishing email and know what they should do when one shows up in their inbox.

The human factor can also rear its ugly head in busy IT departments. IT managers need to keep track of who has access and set up user privileges according to company policy. They also need to make sure that any old credentials for employees who no longer work in their business get switched off. The trouble in many companies is that the IT department gets overwhelmed with requests, and sometimes accounts are not shut off as quickly as they should be. These open accounts could be used by a hacker to gain access to your network. In some cases, a former employee may also decide to access their previous employer’s data, which could have many consequences for your compliance obligations. Management of credentials is key for any business, and this must be made a priority.

Now that you know how the human factor can put your business at risk, you can work to mitigate that risk. Strong password and security policies, cyber awareness training, and calling in the experts when you’re feeling overwhelmed will help mitigate the risk from human error. Are you ready to move forward? Contact Uzado today.