As we’ve stated before, hacking is about exploiting vulnerabilities, whether they are system, technical or people related. A lot of the publicly available research points to human error as a major contributor to data breaches. According to the Symantec/Ponemon study, at least a third of serious data breaches were connected to human error or negligence.
In some cases, disgruntled employees with access to confidential information directly cooperate with hackers. Although there have been some high-profile cases of this occurring, in most cases negligence and social engineering are more significant factors.
What can be done to reduce the hacking resulting from human error?
To change behavior, you will need to train your employees on how to handle information in the age of cyber-crime. Training can be both formal and informal and should vary by role. Frontline employees who handle credit cards need very different training than back office accounting and finance staff.
Here are some of the areas that need to be covered:
• The dangers of posting personal information on social media. For example, a hacker can use your place of birth in password reset questions to hack into an account (Sarah Palin’s email got hacked this way).
• How to handle sensitive company information such as passwords and customer data. Your employees need to understand the dangers of malware, viruses, etc. One rule that should be reinforced is never to give out passwords or confidential information over the phone or via email.
• Other areas that can reduce the level of cyber-crime due to human error include:
- Put in place security protocols that relate to access to data, encryption of files and confidentiality of information.
- Limit access to confidential information and put mechanisms in place