4 Human Errors in Cyber Security


Human error is inevitable, and that is exactly what hackers count on. One slip-up can result in the loss of large amounts of data and cause a company to lose its credibility in the eyes of its customers. Overspending on high-tech systems while neglecting employee training in cyber security is a poor strategy that will prove ineffective. It is also the main reason why human error is a leading cause of cyber attacks. Although it is not possible to eliminate human error completely, minimizing it as much as possible will help reduce the occurrence of security breaches. To do that, it is important to know the main sources of human error and how to avoid them.

  1. Misuse of information access privileges

    The inappropriate use of company information is a recurring issue in many organizations. Employees who are blindly entrusted with trade secrets or access to sensitive information often take advantage of the freedom they enjoy and end up losing their jobs and the trust of their company in the process. In many cases, executives in senior positions within an organization have put their companies at risk in pursuit of a hidden personal agenda.

    Such issues can be avoided by keeping records of the employees who have access to sensitive information and reducing their number where possible. A company can also observe and track the use of privileged access with Privileged User Monitoring and Access (PUMA) tools. By recording, tracking and auditing all actions taken by privileged users, PUMA tools draw attention to any anomalies and deviations from normal employee habits. This helps in detecting possible internal threats in an organization.

  2. Use of unauthorized software or hardware

    Companies try to protect sensitive data by enforcing a policy that prevents employees from using unsecured software and hardware. However, employees often deviate from company protocol by using unapproved tools and programs because they are faster or easier to use. This could include the use of unsecured wireless access points, servers or portable storage devices. Going against company protocol could introduce malicious software into the company's systems and leave them open and vulnerable to attacks. Hackers can then steal or take control of sensitive data or company computers and hold them hostage in ransomware attacks.

    It is important that employees adhere to their organization's policies to avoid the risk of exposing valuable information to cyber criminals. Organizations should also keep updated records of the licensed software that is used on their computers, and use patch tools and asset managers to monitor the use of unsupported software. Additionally, it is important to keep track of approved hardware on the premises. Although it is considerably harder to monitor hardware, doing so will make it difficult for employees to break the rules.

  3. Improper disposal of information

    A prevailing misconception in many companies is that once information has been disposed of, the organization is immediately absolved of responsibility for that data. This, of course, is not the case. Organizations that have access to their clients' personal information will always be under the obligation of protecting it from invasion of privacy, identity theft, financial fraud and any other form of attack. In fact, organizations can be held accountable if a client's information is stolen as a result of improper disposal.

    Companies can ensure that their employees dispose of information correctly by monitoring this process closely and assigning a supervisor to ensure that no mistakes are made. Enforcing a clear set of guidelines that instruct staff on how to properly dispose of information takes the decision making out of the employee's hands. This is an effective strategy that will help minimize errors in that aspect of the organization.

  4. Unforeseen accidents

    Accidents resulting from negligence, inexperience or any other cause are common. They include opening phishing emails, losing hardware that contains company secrets, and theft. Organizations must instruct staff on how to detect phishing emails and malicious websites, protect their login credentials and adhere to the company's threat mitigation policies. They should also train employees in the organization's incident response plans so that they are well rehearsed in what to do in case of a cyber attack. This minimizes the possibility of security breaches and helps to create an organized response to threats.
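
The auditing idea from item 1 (record what privileged users normally do, then flag deviations) can be sketched as follows. This is an added example, not code from the original article or from any PUMA product; the record format, account names, hosts, actions and the one-hour tolerance are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed audit records (user, timestamp, host, action); not real logs.
BASELINE = [
    ("dba_alice", "2024-03-04T09:15:00", "db-prod-01", "SELECT"),
    ("dba_alice", "2024-03-05T10:40:00", "db-prod-01", "BACKUP"),
    ("dba_alice", "2024-03-06T14:05:00", "db-prod-01", "SELECT"),
    ("ops_bob", "2024-03-04T08:30:00", "web-01", "RESTART_SERVICE"),
    ("ops_bob", "2024-03-05T16:20:00", "web-02", "RESTART_SERVICE"),
]
NEW_EVENTS = [
    ("dba_alice", "2024-03-11T09:50:00", "db-prod-01", "SELECT"),
    ("dba_alice", "2024-03-12T02:10:00", "db-prod-01", "EXPORT_TABLE"),
    ("ops_bob", "2024-03-12T15:45:00", "hr-files-01", "READ_FILE"),
    ("svc_temp", "2024-03-12T11:00:00", "db-prod-01", "SELECT"),
]

def build_profile(events):
    """Record each privileged user's normal hosts, actions and active hours."""
    profile = defaultdict(lambda: {"hosts": set(), "actions": set(), "hours": set()})
    for user, ts, host, action in events:
        profile[user]["hosts"].add(host)
        profile[user]["actions"].add(action)
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
    return profile

def find_deviations(profile, events, hour_slack=1):
    """Return (user, timestamp, reasons) for events that depart from the baseline."""
    findings = []
    for user, ts, host, action in events:
        if user not in profile:
            findings.append((user, ts, ["no baseline for this account"]))
            continue
        known, reasons = profile[user], []
        if host not in known["hosts"]:
            reasons.append(f"new host {host}")
        if action not in known["actions"]:
            reasons.append(f"new action {action}")
        hour = datetime.fromisoformat(ts).hour
        # Circular distance so 23:00 and 00:00 count as one hour apart.
        if all(min(abs(hour - h), 24 - abs(hour - h)) > hour_slack for h in known["hours"]):
            reasons.append(f"unusual hour {hour:02d}:00")
        if reasons:
            findings.append((user, ts, reasons))
    return findings

if __name__ == "__main__":
    for user, ts, reasons in find_deviations(build_profile(BASELINE), NEW_EVENTS):
        print(f"{ts} {user}: {'; '.join(reasons)}")
```

Findings like these are prompts for review by a person who knows the user's role, since a legitimate change of duties looks the same as misuse until the baseline is updated.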
