The CSO Dilemma: We Have Found the Enemy, and He is Us
We all make mistakes. Miscellaneous/human error, while not harboring bad intentions, is still a major problem for organizations as it may cause data leaks.
10 December 2015
We all make mistakes. In fact, miscellaneous errors were a top cause for data breaches, over crimeware, insider misuse, and theft among other causes, based on data from the 2015 Verizon Data Breach Investigation Report (DBIR). SolarWinds conducted a survey that found that more than half (53%) of federal IT pros identified the greatest source of security threats as careless and untrained insiders. Last year’s IBM Security Services 2014 Cyber Security Intelligence Index agreed with this view, revealing that around 95% of all incidents investigated recognized human error as a contributing factor. And in research conducted by the Ponemon Institute with Intralinks last year, they found that more than 60% of IT security practitioners often accidentally shared files with individuals they shouldn’t have.
What all of these reports have in common is that they show human error, while not harboring bad intentions, is still a major problem for organizations.
How to Protect Data from Human Error
So what can a company do to mitigate this risk? It seems simple, but the best way to prevent employees from making those mistakes is to make them aware that what they’re doing could affect the security of the information they are trying to protect. Putting technical controls in place can only go so far — you also have to educate employees, regularly.
Choosing the right way to have employees share information is key, and we’ve spent a lot of time talking about how to do that here (and here, and here), giving you the information to consider when choosing an enterprise file sharing and collaboration tool for your company. But this will only take you so far. A secure tool won’t work if your employees won’t use it, or choose to use unsafe alternatives.
Being able to monitor if your employees are using other products is a great way to find that out, but education and information is probably one of the best lines of defense. Use it wisely, and use it often, and it’s likely that a lot of those oops moments can be avoided.
Esther is a senior corporate communications manager at Intralinks. She provides content for internal and external communications activity as well as general corporate positioning in order to support overall company objectives. Esther has been creating communications materials for a variety of organizations and companies for more than 10 years. She graduated from Rutgers University with a degree in English Literature.