It’s a common misconception that the only threats to an enterprise’s security come from external actors. Whether intentional or not, 47% of organizational data breaches are the result of internal human error, such as a misplaced device or document. Moreover, some employees present an even larger risk than others. According to recent reports, younger employees are more likely to bypass security protocols that are viewed as an impediment to their productivity. When it comes to onboarding new employees, young or old, enterprises must have proper security awareness & anti-phishing training, in addition to a strong privileged access management solution, to guard against the different types of human error that could create security vulnerabilities.
According to Verizon’s data breach report, “misdelivery” – sending something to the wrong recipient – is one of the most common causes of data breaches. With convenient features such as auto-complete in email clients and applications, sending confidential information to the wrong person has never been easier. For example, an employee at a UK National Health Service clinic revealed the information of over 800 patients who had visited HIV clinics by entering their email addresses in the “To” field rather than the “Bcc” field, so every recipient could see every other recipient. With proper security awareness training and email security, employees can better understand the gravity of such mistakes and learn what steps to take to secure their processes.
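The To-versus-Bcc mistake described above is one an outbound mail gateway can catch before the message leaves. The following is an added example, not code from the original article or from any vendor it mentions: it counts external recipients that appear in the visible To/Cc headers and holds the message when there are too many, telling the sender to use Bcc. The internal domain name and the threshold are assumptions a deployment would set for itself.

```python
"""Outbound-mail recipient check (added example; not from the original article).

Flags a message whose visible To/Cc headers list many external recipients,
the mistake behind the clinic breach described above, where the addresses
belonged in Bcc. INTERNAL_DOMAIN and MAX_VISIBLE_EXTERNAL are assumptions.
"""
from email.message import EmailMessage
from email.utils import getaddresses

INTERNAL_DOMAIN = "clinic.example"   # assumed internal domain
MAX_VISIBLE_EXTERNAL = 5             # assumed: more than this in To/Cc is suspicious


def external_addresses(msg: EmailMessage, header: str) -> list:
    """Return the addresses in `header` whose domain is not INTERNAL_DOMAIN."""
    values = msg.get_all(header) or []
    addrs = [addr.lower() for _, addr in getaddresses(values) if addr]
    return [a for a in addrs if not a.endswith("@" + INTERNAL_DOMAIN)]


def check_visible_recipients(msg: EmailMessage) -> dict:
    """Decide whether the message exposes external recipients to each other.

    Returns a verdict a mail gateway can act on: when `block` is True the
    message should be held and the sender told to move recipients to Bcc.
    """
    visible = external_addresses(msg, "To") + external_addresses(msg, "Cc")
    hidden = external_addresses(msg, "Bcc")
    block = len(visible) > MAX_VISIBLE_EXTERNAL
    if block:
        reason = (f"{len(visible)} external recipients visible in To/Cc; "
                  "use Bcc for bulk mail")
    else:
        reason = "ok"
    return {
        "visible_external": len(visible),
        "bcc_external": len(hidden),
        "block": block,
        "reason": reason,
    }


def sample_message(to_addrs, bcc_addrs) -> EmailMessage:
    """Build a constructed test message; all addresses are made up."""
    msg = EmailMessage()
    msg["From"] = "nurse@" + INTERNAL_DOMAIN
    msg["Subject"] = "Clinic newsletter"
    if to_addrs:
        msg["To"] = ", ".join(to_addrs)
    if bcc_addrs:
        msg["Bcc"] = ", ".join(bcc_addrs)
    msg.set_content("Constructed body.")
    return msg


if __name__ == "__main__":
    patients = [f"patient{i}@mail.example" for i in range(10)]
    # Addresses in To: the gateway holds the message.
    print(check_visible_recipients(sample_message(patients, [])))
    # Same addresses in Bcc: recipients stay hidden from each other.
    print(check_visible_recipients(sample_message([], patients)))
```

The check is deliberately simple so that it can run inline on every outbound message; a real gateway would pair it with content classification so that a single external address on a message carrying patient data is also caught.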
Generally speaking, users do not like using passwords – particularly strong ones. In fact, 123456 is consistently the most popular password in the world, and over 40% of users reuse their email password for other services. Failing to create secure and unique passwords is a common mistake, but writing passwords down and sharing them with coworkers are other ways they can easily be compromised.
To help prevent these problems, enterprises must have a strong privileged access management solution. As an integral part of any privileged access management solution, password managers should rotate passwords regularly and store them encrypted, disclosing them only to the administrators or programs that require them. Additionally, password manager technologies should be customizable, include comprehensive platform coverage and allow authentication to be strengthened with hardware security modules, smart cards, USB tokens and more.
Vulnerabilities in computer programs and mobile applications are common. When vulnerabilities are discovered, software developers race to patch them and send updates to users. By delaying these software updates, users leave their systems open to cyber criminals who know exactly which exploit to use. The 2017 WannaCry ransomware attack, for example, impacted over 200,000 Windows users. The attackers used an exploit known as “EternalBlue,” which Microsoft had patched months before the attack. With proper security awareness and anti-phishing training, the 2017 WannaCry attack could have been completely avoided, as users would have better understood the importance of applying software updates promptly.
Many accidental employee security errors could have been avoided with proper training and awareness. It is incredibly important to reduce employees’ opportunities to commit errors in enterprise cybersecurity. With strong email security, security awareness training and privileged access management, enterprises can be fully educated and have the automated tools needed to ensure cybersecurity best practices are in place.