Human error is inevitable: Here are some ways to protect your business
National Preparedness Month is happening right now. It’s the perfect time to take action for you and your community. It’s all about making plans to remain safe, and when disasters do strike, to keep communications going. September 30th is the culmination of NPM, with the National PrepareAthon! Day.
If a burglar sees your Facebook status that you are traveling on vacation and then enters your house, and takes $10,000 worth of valuables, it’s safe to say you as the homeowner facilitated the theft. This is no different than leaving your doors unlocked when you head to the store. This lack of attention to security is why crime often happens.
These lapses in judgement are akin to how human error enables data breaches. Even worse, for a small business, employee behavior accounts for a significant number of hacking incidents – and the costs of data breaches are tremendous.
A study from CompTIA says that human error is the foundation of 52 percent of data breaches. The CompTIA report also says that some of the human error is committed by IT staff. Funnily enough, it also points out that typically, businesses rank human error pretty low on the priority list of potential problems.
Some important things to remember:
- Security awareness training is crucial for employees.
- A strong incident response system must be in place.
- Appointing a CISO (chief information security officer) will also help.
The high price of human error can include lost or stolen mobile devices, slow notification of a data breach, a weak security structure and response plan, and lack of a CISO. To avoid these and protect your business, you should:
- Implement an aggressive security awareness training program for employees
- Develop a data breach response plan
- Implement strong authentication practices
- Use encryption
- Implement a data loss identification system
And all companies should take note of the following safeguards:
- Vigorously train employees in safety awareness that pertains to the “bring your own device” policy. Many data breaches occur when someone conducts business on their personal mobile device.
- Security awareness training isn’t just about telling employees the facts. It also should include staged attempts at a data breach (by hired white hackers) to see who takes the bait. This also includes staged attempts by people posing as vendors or other executives trying to gain access to sensitive information.
- Back up all data on a frequent basis, ideally on a local drive in combination with a cloud service.
- Computers should be replaced every two to three years. This will make it easier for businesses because the computers at this point will still be functioning.
The prevention tactics above apply to businesses and really, everyone. Employees should be rigorously trained on proactive security and tricks that cyber thieves use. To learn more about preparing your small business against the common accidents of everyday life, download Carbonite’s e-book, “5 Things Small Businesses Need to Know about Disaster Recovery.”
#1 Best Selling Author Robert Siciliano CSP, CEO of IDTheftSecurity.com is a United States Coast Guard Auxiliary Flotilla Staff Officer of the U.S. Department of Homeland Security whose motto is Semper Paratus (Always Ready). He is a four time Boston Marathoner, Private Investigator and is fiercely committed to informing, educating, and empowering people so they can be protected from violence and crime in the physical and virtual worlds. As a Certified Speaking Professional his “tell it like it is” style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders. Disclosures.