Employee errors risk companies’ data security

Companies should encrypt their data and move away from using paper documents in order to protect valuable information and thwart the continuing threat posed by hackers and criminals.

Employee error remains one of the biggest weaknesses in firms’ fight against cyber attacks with many failing to the implement even half- decent defences. 

A number of simple steps can be taken to limit the risk of simple employee mistakes triggering cyber attacks, according to Verizon investigative response managing principal, Laurance Dine.

“Awareness and training is a way to combat that. Another thing to do is to encrypt your data so if it gets sent to the wrong person then at least they don’t have the password to decrypt or the key or however you want to send it out.

“One of the things we talk about is moving away from paper documents because you can’t encrypt a paper document so if somebody puts that in the mail and it gets sent to the wrong person they obviously have access to it. 

"But if you encrypt your data and that gets sent to the wrong person by accident then at least they don’t have the key to unlock it,” Mr Dine said.

Verizon’s 2016 data breach investigations report which draws on data from 82 different countries shows the same vulnerabilities and attack types showing up year after year.

Simple errors such as failing to apply software patches, a shortage of server capacity which can overwhelm internal systems and mistakes by employees continue to account for a large number of cyber incidents. More malicious motivations from those within an organisation also pose a significant risk to firms’ data security.

Typically, attacks of this sort are motivated by money, as indeed the majority of all breaches are.

A quarter of “insider threat” attacks are linked with espionage, however, including the theft of intellectual property.

Insider threats, which typically take longer to identify, also help skew “detection deficit” statistics which show organisations take weeks or more to discover an incident has occurred while 93% of attacks take minutes to compromise a system.

“The detection deficit has been there and been similar for years... One of the things that skews it a lot is insider threat where individuals steal your data before they leave a business or steal the data and sell it to bad people.

“That’s a very difficult thing to track and a lot of those take months and years to identify. 

"There’s always going to be people who are going to be disgruntled employees who either believe that the data they are stealing belongs to them because they created it, whether it’s a piece of software or whatever idea it is, or there’s always going to be people that try to manipulate your employees to provide that info for financial gain,” Mr Dine said.


Lifestyle

Another episode, another incredible Cork woman. The tale of Mother Jones, the famous union organiser and activist against child labour in 19th century America.Five things for the week ahead: RTÉ showcase another incredible Cork woman

Holger Smyth part-owns and runs Inanna Rare Books, which has recently opened a ‘rare book lounge’ at the former Hawthorn creamery near Drimoleague, Co Cork.We sell books: Cream of the book crop sold from former co-op

Milton Jones talks hecklers, Hawaiian shirts and the world’s favourite clever Irishman with Richard FitzpatrickMilton Jones: When one line will do just fine

After almost 70 years of trying the search goes on, but so far nothing has been found.Sky Matters: Whether we are alone in the Universe has exercised many great minds

More From The Irish Examiner