Story image

Avoid the traps of human error

08 Jan 2013

When people talk about data breaches, the tendency is to think about cybercriminals and hackers trying to access networks to extract valuable information.

This is dangerous for two reasons. Firstly, it can lull organisations into a false sense of security.

“What could criminals possibly want with our data?” they ask. Or: “We don’t hold payment details – they wouldn’t target us.”

This in itself can lead to a general air of complacency around data security: “It’ll never happen to us.”

Secondly, research has shown that in reality the biggest risk to an organisation’s data lies somewhat closer to home.

Recent research from the Ponemon Institute showed that organisations cite “human factors” as the cause of 78% of all data breaches.

In other words, the greatest threat to an organisation’s data actually comes from its own staff.

This is not to say that your employees are deliberately trying to harm your organisation. Instead, the research shows that the vast majority of data breaches are caused instead by human beings, being human – forgetful and careless.

So, the challenge is how to stop them.

Take charge of device management

Technology has an answer. The idea is to take responsibility away from the user as far as possible whilst maintaining a workable solution which enables staff to be productive.

Using a management console to enforce data security policy across an organisation prevents this problem.

Organisations are responsible for administering their own management systems, which can be used to monitor, set and enforce policies right down to individual users if required.

In addition, management software can also track and monitor what devices are allowed and what data is downloaded, and can be used to block the usage of unencrypted USBs.

This removes the chance of human error by automatically guaranteeing the use of an encrypted device.

Management consoles can also remotely wipe USB devices which are lost or stolen, monitor usage and even control precisely what data may be downloaded to portable memory devices, thereby adding extra layers of data protection.

Management technology takes the responsibility out of the hands of staff and ensures compliance by removing the chance of human error.

Enforcing data security policy via an automated, managed solution prevents data breaches, and in doing so protects both staff and data.

Encryption counters human error

The use of encryption effectively counters human error because it is relatively inexpensive, simple to administer and highly successful in preventing data breaches. If an encrypted device is lost or stolen, the data remains secure and a breach is avoided.

Encryption is also easy to use. Employees are sensitive to new policies which they feel will prevent them from doing their jobs properly or make them less efficient.

An encrypted memory stick can be used with the same ease as an unencrypted device, and provides peace of mind for staff and security for data.

Biometric devices are more expensive but are also more secure, and have the usual benefits that biometric security holds over passwords (a fingerprint can’t be forgotten, guessed or written down on a Post-it).

Make life easier, not harder

Employees are adept at finding workarounds for policies which make their lives harder, they don’t agree with or they see as unnecessary. If following the rules makes life harder, a recipe for data breaches will result.

Education has to go hand-in-hand with technology. Staff need to understand their responsibilities around data security and how to use technology effectively in order to do their jobs without risking a data breach.

Technology in data security should be an enabler, which allows staff to do their jobs better and more safely.

Human beings will always make mistakes, so the onus is on organisations to ensure that they can mitigate this threat.

The good news is that technology support can prevent carelessness turning into a data breach.

Yamaha unveils simplified UC deployments
"In this fast-paced world, meeting participants need to be able to feel comfortable and hear those on the far end clearly to brainstorm new ideas and accomplish goals."
French cloud giant sets up shop in two APAC data centres
OVH Infrastructure has expanded its public cloud services in the Asia Pacific (APAC) market operating from two data centres within the region.
Jobs of the future: Will humans outmatch AI co-workers
"Regardless of how the workforce changes, automation, data and algorithms will complement rather than replace human employees."
How IBM’s acquisition of Red Hat could impact your business
The acquisition is pending regulatory approval, but IBM expects the deal to close in the second half of 2019. 
SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Google doubles down on hybrid cloud strategy
CSP is a platform that aims to simplify building, running, and managing services both on-premise and in the cloud.
Why NSP adoption of ECX Fabric is on the rise
ECX Fabric aims to enable networks to streamline their access to the world’s largest cloud providers.
Cloud data warehouse trends and best practices
"TDWI sees a wide range of data-driven IT systems moving to the cloud aggressively, and this includes the data warehouse."