To err is human, to forgive is divine, and we all know it too well. But we have also witnessed multiple occasions when the impact of an error was devastating. We may forgive, but the damage done is certainly high. For organizations, one such scenario is an error on the part of an employee that leads to a massive cyber-attack.
Over the years it has been observed that organizations lose revenue, customers and business opportunities due to cyber-crime. It is believed that in 2016 alone, more than one-third of organizations that were victims of a cyber-attack reported a revenue loss of more than 20%. About 22% of affected organizations lost customers, 29% suffered revenue loss and 23% saw a negative impact on business opportunities. It is projected that the cost of cyber-crime will reach $2.1 trillion globally by 2019.
When the impact is this severe, you need to carefully examine every area of cyber security where it can be compromised. What emerges as the weakest link in the entire cyber security chain is ‘human error’.
Why is human error the weakest link?
It is claimed that a large number of cyber-crimes are due to some form of human error. This includes phishing, hacking and even malware incidents. Leaving devices without password protection or using easily guessable passwords, clicking and opening emails from unknown or unverified sources, and accessing sites over unprotected browsers are some very basic mistakes that your employees might be making. Even their secured credentials may be hacked when they pass information out of your network: for example, an employee mailing work to a personal email ID to complete at home later, sharing sensitive information with third-party vendors and partners, or sharing passwords with colleagues to access their data or other common systems. At every one of these points there is scope for information leakage and a big threat to your business. The worst case is an irate employee purposefully mishandling your company’s sensitive information and causing major data loss.
The security of your organization is also at stake due to external data thefts, like the loss of laptops while out of the office, or an attack through an external storage device that your employee used on a public machine and then on an office laptop.
The big question, then, is: how do you handle human error?
Strengthening the weak link
While organizations are investing heavily in cyber security tools and hiring specially skilled people to make sure their data is safe, it is just as important to educate their employees at the core to reduce vulnerability. A few things that organizations need to do include:
- Educate and train people
Employees should regularly undergo security training that covers the latest trends in cyber-crime, so that they stay abreast of the latest threats. They should know what types of mails and activities to be wary of, and what to do if they accidentally click on a fraudulent or damaging link. If possible, employees should be put in simulated environments, such as a simulated phishing attack, to give them a more realistic, hands-on experience.
- Be prepared to minimize impact and damage
Multi-layered protection with the latest software is a basic practice that all organizations should follow. Special attention needs to be given to the access rights and permissions granted to employees at different levels. More stringent password creation policies, better-managed email servers, limits on external portable device usage and blocking access to certain websites from official devices are some other ways to improve cyber security. With these in place, you not only reduce the chances of a cyber-attack but also keep the damage to a minimum if a cyber-crime does occur.
- Back up your data – at all times!
Maintaining regular, timely and proper backups is the only way to ensure the least damage in case of a cyber-attack. Even with the best security software and practices in place, your systems are still vulnerable to threats, and the only way to control or minimize the damage is by ensuring proper backups of your systems. It is even better to keep backups in multiple locations, such as the cloud, an external hard drive or even a thumb drive. Keeping software up to date, along with regular backup scheduling, can work well in preventing attacks as well as reducing the intensity of the damage.