Human Error is the Cause of 25% of All Data Breaches
That is a very scary but real fact. And if you run a business, it means that no matter how secure you think you are, your employees (and yes, even you) are a huge risk to your company.
One quarter of all data breaches last year were caused by human error. The average cost of breaches in 2018 was $3.92 million, a 1.5 percent increase from the year before. And if that wasn’t bad enough, the amount of time it takes to recover from a data breach is growing as well. Studies show that it takes an average of 279 days, which is 4.9 percent longer than the 266-day average in 2018. Overall, malicious and criminal attacks are the leading root cause of data breaches in 2019 at 51 percent. System glitches caused a quarter (25 percent) of data breaches in 2019, and human error is the root cause of 24 percent of them.
Why is human error to blame for so many breaches? Mainly because people fall for phishing attacks.
Phishing remains a wonderfully effective hacking tool. A phishing email is a legitimate-looking email that asks the reader to click on a link. If clicked, the link can infect the user’s computer with malicious software that can steal passwords, logins, and other critical data. Alternatively, the email appears to be from a legitimate source, perhaps even duplicating a legitimate web page. The distinction is that the phishing email asks the user to enter personal information, including passcodes. In either case, that is how hackers easily get into your systems.
What's the best defense against this one? The single biggest defense is education: training your people to be constantly wary of all the emails they receive. We use a tool called KnowBe4, which is a security awareness training program for your employees. This effective and cost-efficient program educates your team on what to look for to recognize a malicious email. The program then regularly sends out its own "fake" phishing scam emails. Employees who click on the link inside are greeted with a notice that they've fallen for a phishing scam and are then offered tips on how not to be fooled in the future. Employees who fail have to complete a training program online. If they repeatedly fail, the training gets more intensive. The results that we have seen after employees are educated are staggering. This is one of the most successful programs we have seen in teaching people not to fall for the bait.
Education is and will remain the best defense against data breaches caused by phishing attacks. For more information, or pricing, contact us today.