The Role of Human Error in Cybersecurity Breaches

We encourage organizations to own their role in cybersecurity by starting with the basics, including creating strong passwords and implementing regular cybersecurity awareness training.

While faulty software or backend development problems cause noteworthy breaches, the number one reason for a breach is human error by employees. These breaches allow critical data to be compromised, causing a ripple effect of downtime to systems, networks, and devices, or even threatening your reputation with current and potential clients. As mentioned in our blog, Catch a Phish Before It Catches You, the average cost of a data breach in 2020 was a staggering $3.86 million.

Avoid Being a Statistic

A recent study, “Psychology of Human Error,” found that a mistake made by an employee causes approximately 88% of all data breaches. The study also states that nearly 50% of employees are “very” or “pretty” certain they have made an error at work that could have led to security issues for their company.

The risk of a breach caused by human error reduces with regular education and awareness around cyber threats. An organization with a strong cybersecurity and awareness program can answer yes to the following questions from Defendify’s free Cybersecurity Health Checkup:

  • Are there written rules on how employees are expected to use company technology devices and data?
  • Do employees receive ongoing alerts about new cybersecurity threats, topics, and trends that may impact your organization?
  • Are employees regularly tested to see if they might click on bad links or open unknown files in suspicious emails?
  • Do your employees receive ongoing, regular awareness training on cybersecurity safety, topics, and best practices?
  • Are there cybersecurity safety notices and posters displayed in your facility or shared electronically?

If the answer is “no” to some or all of the questions listed above, it is time to bolster cybersecurity awareness through training and instilling policies throughout the organization. All employees, from the C-suite to interns, are responsible for cybersecurity, although many do not know how to identify and respond to an active threat.

Keep Your Data and Password Secure

An alarming number of breaches are due to employees practicing poor password hygiene habits. In 2019 about 80% of data breaches were caused by password compromise. Implementing policies and awareness training around the importance of proper password hygiene will drastically reduce the chances an organization is breached because of human error. Here are a few tips for creating a strong password:

1. Avoid personal information. It’s just too easy to guess. Attackers sometimes use a compiled database of personal information to guess passwords.

2. Make it long. When you add characters to a password, the number of possible combinations for a brute force attack grows exponentially. Experts recommend at least 13 characters, but this recommendation will increase as brute force attacks become faster and more advanced.

3. Don’t recycle passwords. It’s important not to reuse a password, no matter how strong. If one account is breached, the first thing an attacker will do is try the same login for other, potentially more critical, sites. The average person reuses each password 14 times!

4. Use passphrases. A long, strong, and memorable passphrase is one excellent method. For example, use a string of unrelated words, ideally with extra characters (e.g., “hammer-jumping Fuzzy Creator”). Or try a longer sentence like “I want to eat some cotton candy!” You can find a whole lot more from ConnectSafely.

5. Use a password manager. A password manager can create and store strong and unique passwords for each of your accounts. This management system takes the guesswork out of creating a new password for each account and manages all of them in one place.
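Tips 1 to 3 can be enforced at the moment a password is set. The following Python check is an added example, not code from Defendify; the function names, the PBKDF2 parameters, the 94-character alphabet, and the sample data are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import os

MIN_LENGTH = 13  # minimum length recommended in tip 2


def hash_password(password, salt):
    # Salted, deliberately slow KDF; the iteration count is an assumption
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def keyspace_bits(length, alphabet_size=94):
    # log2(alphabet_size ** length): every extra character adds the same
    # number of bits, so the brute-force search space grows exponentially
    return length * math.log2(alphabet_size)


def check_password(candidate, personal_info, history):
    """Return a list of policy violations; an empty list means acceptable.

    personal_info: strings such as a name, birth year, or pet name
    history: (salt, digest) pairs for the user's earlier passwords
    """
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    lowered = candidate.lower()
    # Ignore very short items to avoid flagging incidental matches
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    for salt, digest in history:
        # Re-derive with each stored salt; compare in constant time
        if hmac.compare_digest(hash_password(candidate, salt), digest):
            problems.append("reused")
            break
    return problems


# Constructed sample data for the demonstration
_salt = os.urandom(16)
SAMPLE_HISTORY = [(_salt, hash_password("I want to eat some cotton candy!", _salt))]
SAMPLE_PERSONAL = ["Jordan", "1987", "Biscuit"]

if __name__ == "__main__":
    for pw in ("Biscuit1987!", "hammer-jumping Fuzzy Creator"):
        print(pw, check_password(pw, SAMPLE_PERSONAL, SAMPLE_HISTORY),
              round(keyspace_bits(len(pw)), 1), "bits")
```

The history check only covers reuse within one system; reuse across unrelated sites is what a password manager (tip 5) addresses.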

Cyber Awareness Reduces Human Error

Implementing regular awareness and education around cybersecurity is essential to reducing breaches caused by human error. Still, it is easier said than done, especially for organizations without a dedicated security team. Creating policies that include proper password hygiene, continuous education, and awareness training takes resources that most businesses simply do not have to spare. But with a comprehensive cybersecurity program, you can instill that continuous employee awareness and institutional knowledge around cybersecurity without dedicating an entire team to the ongoing effort.

More cybersecurity awareness resources:

Cyber Readiness Institute: Secure Sharing Checklist
NCSA: Cybersecurity in A Flash! Ransomware: Response and Recovery
CompTIA: Cybersecurity Advice for MSPs: Keep the Car Doors Locked
