Cypro

People

35% of all security breaches are caused by human error, and there is not a single one of us who does not make mistakes.

Making mistakes is an essential part of human experience: how we grow and learn. But in cybersecurity, human error is too often overlooked.

Cypro will help your business identify the gaps that human error creates and mitigate many of the cyber security breaches that happen in Australian businesses.

What is human error in cybersecurity?

In the context of security, human error refers to the unintentional actions, or lack of awareness, of staff and users that cause or enable a security breach. In our increasingly advanced and complicated work environments, we use more and more tools and services, each requiring us to remember usernames, passwords, and more. It all adds up, and when there are no secure alternatives, employees resort to shortcuts to make their lives easier.

Types of human error

While the possibilities for human error are almost limitless, they can be broadly divided into two different types: skill-related and decision-related.

Skill-related errors

Skill-related errors are small errors that occur when performing familiar tasks and activities. In these cases, the end-user knows the correct course of action but fails to follow it due to temporary inattention, error or negligence. For example, this may occur because the employee is tired, inattentive, distracted, or has a minor memory lapse.

Decision-related errors

Decision-related errors occur when a user makes an incorrect decision. Several factors can influence this: often, the user does not have the necessary knowledge, does not have enough information on the particular topic, or is unaware that they are making a decision through their inaction.

Physical security flaws

Although data breaches are most often attributed to cyber-attacks, companies are also exposed to physical breaches.
Information and credentials can be stolen or accessed by unauthorised persons.

Physical security breaches come in many forms, such as unattended sensitive documents on desks, in meeting rooms, or even in printer output trays.
Anyone accessing the company’s premises can take the document without anyone realising it is missing.

Tokens for building entry, such as secure car parks
Staff have secure car parking, and a token gives them access to a lock-up car park. Tokens can be lost, misplaced, or even loaned.

Cypro does a complete security audit of a workplace and looks at the breaches that happen. A cyber security specialist will see things that staff and management are not even aware of.

What factors cause human error?

A variety of factors promote human error, but most of them can be boiled down to these three: opportunity, environment and lack of awareness.

Opportunity

Human error can only occur when there is opportunity. This may seem obvious, but the more opportunities there are to do something wrong, the more likely it is that a mistake will be made at some point.

Work environment and culture

The environment of a workplace can contribute significantly to the occurrence of errors. Adequate office temperature is an important factor, but privacy, noise levels and posture can also contribute to an error-prone environment.

Lack of awareness

Much of human error is due to end-users simply not knowing the correct course of action. Users who are unaware of the risk of phishing are more likely to fall for phishing attempts.

How can you prevent human error in your organisation?

When you engage a cyber security expert such as Cypro, we will quickly pinpoint potential issues before they happen, address and correct cyber breaches that are happening within the workplace, and create a comprehensive protection plan for your organisation.

Reducing opportunities

The best way to reduce errors is to change workflows, routines and technologies so that the propensity for error is systematically reduced. We can help you implement these changes.

Control permissions

Ensure that your users can only access the data and functions they need to perform their tasks. This will reduce the amount of information that is exposed, even if the user makes a mistake that leads to a breach.

Password management

Since password-related mistakes are a major form of human error, distancing users from passwords can help reduce the risk. Password managers allow your users to create and store secure passwords without having to remember them or risk writing them on sticky notes. You should also enforce the use of two-factor authentication in your organisation to further protect your accounts.

Change your culture

A security-focused culture is key to reducing human error. In a culture of security, security is factored into every decision and action, and end-users will actively seek out and discuss security issues as they encounter them.

Make it easy to ask for help

As part of the learning process, your team are likely to encounter many situations where they are unaware of the security implications. It is important that they have access to an experienced person rather than guessing and risking the wrong decision. Make sure that someone is always available to answer end-users’ questions in a friendly manner, and reward users who ask good questions. Cypro can help set this up.

Train staff on all important security issues

Human error can manifest itself in many ways. You must train your staff at a basic level on all security issues they may encounter in their daily work. The use of email, the internet and social media, as well as phishing and malware, are some of the topics that training should cover.

Training should be engaging and relevant

Your employees have a limited attention span, and you must ensure that training does not numb them. Training should also not be delivered at yearly intervals, only for your employees to forget it after a week; it should be repeated regularly throughout their working lives in a short, easily digestible format.

Our cyber security experts are here to help

We work with businesses of all sizes to help them identify and then manage their cyber security risks.