Employees Are Still The Cause Of Most Cyber Breaches

In an era when cybercrime is growing at an astronomical rate, is your biggest strength jeopardising your company's cybersecurity?
 
The biggest strength of any company is its human capital, and it is not unusual that most employees will do something at least once that could place their company at cyber risk.
 
It is commonly seen that when it comes to transferring and storing data, dealing with user credentials and backing up files, employees prioritise personal convenience over security protocols.
 
There are many ways in which an employee can make mistakes and become the cause of a data breach:
 
Insider Malice
Poor Password Practices
Weak Access Policies
Phishing and Social Engineering
Loss of endpoints
Malware
 
A few common and some uncommon issues which can be very costly to organisations are:
 
1.      Email sent to wrong recipients
It has been reported many times in the past that data breaches were the result of information sent by email to the incorrect recipient.
An employee at an HIV clinic in London accidentally entered the email addresses of patients in the 'To' field in place of the 'Bcc' field, and the organisation was fined £180,000 for the breach of the patients' privacy.
2.      Sending unnecessary attachments or information over email
There are multiple reported incidents where an employee sending more information than required over email led to a data breach.
According to the Winnipeg Free Press, an employee of the city of Calgary, Alberta, accidentally leaked the personally identifiable information (PII) of more than three thousand employees in June 2016. The extra information was perhaps provided while seeking technical assistance.
3.      Using company resources for personal use
Many employees use office laptops and mobile devices for their personal use, which may lead to a data breach.
4.      Insecure downloads
Each employee is in charge of their own endpoints, and what they download could be a cyber threat to your whole organisation. Employees are often unable to recognise a Trojan-laden file or a risky link sent by an email spammer.
 
Solutions to these problems are simple to identify but complex to implement:
 
1.      Cyber Security Training
2.      Cyber Risk Culture
3.      Awareness
4.      Cyber ethics and Cyber Behaviors
 
And so, organisations should prioritise their cybersecurity objectives and should not invest most of their budget in security products alone; otherwise they might still be leaving their house keys in the main-door lock.
 
Ratan Jyoti is Chief Information Security Officer (CISO) at Ujjivan Small Finance Bank.
 