According to a recent study by Stanford University, 88% of all data breaches were caused by human error. In a cyber security context, human error means unintentional actions – or lack of action – by employees and users that cause, spread or allow a security breach to take place.
How does human error cause so many breaches and what can be done to improve employee cyber behaviour? This post explores the nuances of human error in cybersecurity, its categories, common examples, underlying causes, and proactive prevention strategies.
Human errors in cybersecurity can be categorised into two types: skill-based and decision-based errors.
Skill-based Errors
These involve small missteps during routine tasks due to temporary lapses or distractions. Such errors occur when an individual knows the correct action but fails to execute it properly. Examples include accidental clicks on malicious links or misdelivery of sensitive information.
Decision-based Errors
This type of error stems from faulty decision-making. Lack of knowledge, inadequate information, or even passive inaction can lead to incorrect choices that compromise security.
Misdelivery:
Accidentally sending confidential information to the wrong recipient, often because an email client's auto-suggest feature completes the wrong address. Misdelivery is a significant contributor to data breaches.
Password Weaknesses:
Poor password practices, such as using weak passwords, writing them down, or sharing them, create vulnerabilities.
Delayed Patching:
Neglecting timely installation of security updates provides cybercriminals with opportunities to exploit vulnerabilities.
To effectively combat human error and bolster cybersecurity, organisations should focus on two approaches.
Reduce Opportunities:
Businesses can minimise the potential for errors by implementing these strategies:
– Control Privileges:
Limit user access to only necessary data and functions to reduce exposure in case of an error.
– Password Management:
Utilise password manager applications and mandate two-factor authentication for added security.
Address Lack of Knowledge with Training:
– Cover Core Security Topics:
Train employees on various security aspects relevant to their roles, such as email usage, internet safety, phishing, and malware.
– Engaging and Relevant Training:
Employ interactive and engaging training methods using multimedia elements. Conduct regular, brief training sessions to reinforce knowledge.
At Nimbus, we proactively monitor our clients' systems to ensure that we can catch a data breach before anything sinister happens. Our skilled engineers can provide your organisation with the correct tools and training for your staff to help mitigate human error. If you would like more information on how we can protect your business, contact us today.