4 of the 5 top causes of data breaches are because of human or process errors
Although data breaches caused by cyber-attacks get all the press, it is often negligence or a lack of basic processes, policies and procedures that results in data breaches.
The Information Commissioner’s Office (ICO) compiles quarterly statistics about the main causes of reported data security incidents. In the last quarter, four of the five leading causes in cases where the ICO acted involved human errors and process failures:
- Loss or theft of paperwork – 91 incidents
- Data posted or faxed to incorrect recipient – 90 incidents
- Data sent by email to incorrect recipient – 33 incidents
- Insecure web page (including hacking) – 21 incidents
- Loss or theft of unencrypted device – 28 incidents
This is where staff security education comes in
Successful security awareness programmes provide more than just information. Any programme must be targeted, actionable and deliverable. The system must encourage employee feedback.
More key requirements of a successful security awareness programme:
- Firstly, it must be designed specifically for the audience the organisation is trying to reach.
- Learners must have clear instructions on the next steps to take.
- It should focus on multiple exercises that emphasise many facets of security, not just one type.
- Learning take-aways should be simple, memorable and manageable to ensure adoption.
- It is vital there is a follow-up process to gather feedback on employees’ experience of the engagement and what improvements can be made.
- Assessments must form part of the programme.
Therefore, you should work to develop an innovative, structured security awareness programme. Such a programme should deliver the desired change in employee behaviour, and an organisation needs to cultivate a security culture. Security then needs to be woven into the organisation’s DNA and upheld by everyone, from the cleaners right up to the boardroom.
So, what have you put in place to address the potential causes of data breaches in your business? Talk to our cyber team today about holding a review of the measures you have in place, and get guidance and a set of policies and procedures to help you. We can also help you become accredited to the government-backed cyber security programme Cyber Essentials. Please contact us here or call us on 03333 22 1011 for more information.