Employees Are Still The Cause Of Most Cyber Breaches

In the era when cybercrime is growing by an astronomical rate, is your biggest strength jeopardising your company's cybersecurity?
 
The biggest strength for any company is their Human Capital and it is not unsual that most employees will do something at least once that could place their company at cyber risk. 
 
It is commonly seen that when it comes to transferring and storing of data, dealing with user credentials, backup of files, employees prioritise personal convenience over security protocols.
 
There are many ways which may lead employee to make mistakes and can be the cause of a data breach:
 
Insider malice.
Poor Password Practices
Weak Access Policies
Phishing and Social Engineering
Loss of endpoints
Malware
 
 A few common and some uncommon issuess which can be very costly to the organisations are:
 
1.      Email sent to wrong recipients
It has been reported many times in the past that many data breaches were result of information sent by email to the incorrect recipient.
 An employee at an HIV clinic in London accidentally entered the email addresses of patients in the ‘To’ field in place of ‘Bcc’ field and the organisation was fined £180,000 for the breach of privacy of the patients.
 2.      Sending Unnecessary attachments or information over email
 There are multiple incidents reported where more than the required information sent over email by employee had led to data breach:
According to the Winnipeg Free Press, an employee of the city of Calgary, Alberta, accidentally leaked the personally identifiable information (PII) of more than three thousands employees in June 2016,. The extra information was perhaps provided while seeking technical assistance.
 3.      Using Company resources for personal use
Many employees use office laptops and mobile devices for their personal use which may lead to data breach.
 4.      Insecure Downloads 
 Each of employees is in charge of their own endpoints, and what they download could be a cyber threat to your whole organisation. It is seen that employee many times are not able to differentiate a Trojan-laden file or a risky click to the link sent by an email spammer.
 
 Solutions to these problems are simple to identify but complex to implmenet:
 
1.      Cyber Security Training
2.      Cyber Risk Culture
3.      Awareness
4.      Cyber ethics and Cyber Behaviors
 
And so, organisations should prioritise the cybersecurity objectives and should not invest most of their budget on security products alone, otherwise they still might be leaving their house keys in the main-door lock.
 
Ratan Jyoti is Chief Information Security Officer (CISO) at Ujjivan Small Finance Bank:
 
Ratan Jyoti On Twitter:
 
You Might Also Read: 
 
Bank Data Breaches Are Up And It's An Inside Job:

Cyber Security is Now Business Critical (£):

 

 
 
 
« Flight Ticket Fraud Alert
Blockchain To Secure Storage Of Sensitive Data »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Nuvias Group

Nuvias Group

Nuvias Group is a specialist value-addedd IT distribution company offering a service-led and solution-rich proposition ready for the new world of technology supply.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

Findcourses.com

Findcourses.com

Findcourses is a dedicated education search engine designed to make it easy for our learners to search and find exactly what they need from our community of trusted training providers.

NuCrypt

NuCrypt

NuCrypt is developing technology that is applicable to ultrahigh security data encryption as well as key distribution.

PQShield

PQShield

PQShield are specialists in Post-Quantum Cryptography. We provide quantum-secure cryptographic solutions for software, software/hardware co-design and data in transit.

Enet 1 Group1

Enet 1 Group1

Enet 1 Group audits, assesses, recommends, and delivers tested solutions for the ever-increasing threats to your critical systems and digital assets

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

National Cyber Coordination & Command Centre (NC4) - Malaysia

National Cyber Coordination & Command Centre (NC4) - Malaysia

NC4 is established as a center for dealing with cyber threats and crisis at the national level in Malaysia.

SAM Seamless Network

SAM Seamless Network

SAM Seamless Network is a cybersecurity technology platform that protects the connected home, by tackling cyber security threats at the source.

Technisanct

Technisanct

Technisanct works with Governments, especially Law Enforcement and Defence agencies, helping them in monitoring threats, managing their data and resolving their forensic needs.

Cybaverse

Cybaverse

Cybaverse (formerly North Star Cyber Security) was founded to create the perfect blend of a Managed Security Service Provider (MSSP) and a Cyber Security Consultancy in one.

CFTS

CFTS

CFTS 'Computer Facilities Technical Services' is a Ugandan ICT Support Company that specialises in infrastructure and support services including network security.

AdronH

AdronH

AdronH is a company of Cyber Security consultants. We support companies and public institutions with their digital transformation to new and secure business platforms.

Sycope

Sycope

Sycope is focused on designing and developing highly specialised IT solutions for monitoring and improving network and application performance.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

BARR Advisory

BARR Advisory

At BARR Advisory, we build trust through cyber resilience. We help protect the world’s data, people, and information networks through a human-first approach to cybersecurity and compliance.