We all make mistakes. I mean, we’re only human after all. But did you know that according to CompTIA’s Trends in Information Security study, human error actually accounts for 52 percent of security and data breaches? Yikes, looks like being human can be a big cause for concern when it comes to any business’s data security.
Although human error is normal and inevitable in some cases, it can be more of a threat to businesses than most are aware of – including your clients! Backup and disaster recovery (BDR) plays an important role in ensuring that these mistakes don’t turn into serious problems. Read on to discover how you can inform your clients of these threats and protect them against potential data disasters.
What Is Human Error?
Any business with employees has something to worry about when human error is this high. However, it can be difficult to define because error comes in many forms. Typically, it involves circumstances in which certain actions, decisions or behaviors threaten business security. Some goofs and gaffes may seem harmless, but major slip-ups happen more often than you’d think and can seriously jeopardize sensitive data. So why are these mistakes so threatening to IT environments, and just what kind of bad habits do businesses need to correct? Here are some examples of what human error could look like for you or your clients:
Using weak passwords
Although passwords may seem like the most basic security technique, they can be easily cracked or obtained by malicious perpetrators when not handled with proper care. In this year’s Verizon Data Breach Investigations Report, they found that 63 percent of confirmed data breaches involved using weak, default or stolen passwords. This goes to show that using simple passwords, sharing them with other employees or even leaving Post-Its with credentials lying around, can lead to precious and private data being compromised.
Low security awareness
Most employees have a surprisingly low awareness about phishing and other cybersecurity attacks. According to the same Verizon report, 30 percent of phishing emails were opened, and of those, 13 percent caused malware to activate. Emails containing malicious links are becoming increasingly sophisticated, and malware authors are finding new ways to bypass filters and make it to your inbox. Without full user awareness of these security risks, employees could click on phishing links, exposing their network to viruses and malware. Employees with insufficient cybersecurity education could be unknowingly helping hackers gain access to their business networks. What would that mean for your clients? Do they know how to spot a malicious scheme before the damage is done?
Carelessly handling data
We’ve all had those days when we’re not feeling at the top of our game, but when it comes to handling sensitive company data, careless actions can result in major disaster. According to the same study by CompTIA, 42 percent of error-related breaches are caused by “general carelessness” of users or employees. Whether it be accidentally deleting important files, sending company data to the wrong email recipient, neglecting software updates, or even misplacing mobile devices – a little carelessness can cause a lot of trouble.
Why Is Human Error a Threat?
Most businesses are unaware that the greatest security threat could be internal. With criminal cyber-activity on the rise, not enough business owners are paying attention to the avoidable consequences of human error. Unfortunately, people still suffer from what I like to call the “this could never happen to me” mindset.
You could have the best technology and procedures in place, or a well-thought out disaster plan, but one unforeseen slip-up by an employee at a client site could mean the end of the road. As an MSP, it is your responsibility to ensure that your client’s network and data are protected from these potential threats. Understanding that human error is the root of these problems is only the first step, so what else can you do?
Be a Strategic Business Advisor
Having an effective backup and disaster recovery solution can give MSPs like you the opportunity to strengthen your clients’ data security, but there are other ways you can go beyond simply being their backup provider.
Walk clients through their errors
Talking about common mistakes and mapping them out is the best way to work through problems with clients. Tracking and analyzing how errors occur can help you minimize the chances of them happening again and also mitigate the potential damage. Preventing errors from occurring again will also help reduce the amount of tickets you have to remediate, which is always a win-win.
Create a solid security policy
It’s always a good idea to have a documented procedure when it comes to data security. Sitting down with clients and creating rules and best practices will ensure clarity and that all company data and information is being handled and stored properly.
Inform and train your clients
CompTIA’s study also revealed that only 54 percent of companies offer some form of cybersecurity training! Avoid falling under that statistic and use your expertise to educate clients about smart security procedures. Have a conversation with them about the daily threats that human error can pose, or give them tips on security best practices. This will also open the opportunity to demonstrate the benefits of your BDR offering, the ultimate backup plan. Employees at all levels within the company will walk away with a better appreciation for how your business continuity solution can protect their bottom line if and when human error occurs.
In the end, eliminating human error is nearly impossible, but having a BDR solution will help ensure the preservation of sensitive client data in the event someone makes a business-crippling mistake. Remember, users likely won't know if they're endangering corporate proprietary information because they're probably not familiar with the various data threats to watch out for. Set them up for success by regularly having an open dialogue, and use the customizable sales enablement sheet below to get the conversation started!
By Lily Teplow
By Brian Downey
By Dave LeClair