Although human error may not be a crime, it may cause a vulnerability that could result in a digital attack.
In this lesson, you’ll learn more about types of human error and how each can create cyber vulnerabilities.
One is a social media app and the other is a store full of building supplies, but they may have more in common than you might think. They’ve both dealt with digital attacks that came as the result of human error.
Snapchat’s data leak happened when an employee was contacted by a cybercriminal pretending to be the company’s CEO. The perpetrator convinced the naive employee to send the payroll details of 700 Snapchat employees through email.
In Home Depot’s case, a group of attackers managed to steal the username and password of a third-party vendor, which they then used to install malicious software on 7,500 self-checkout registers in stores across the country and into Canada.
Both companies issued apologies and implemented solutions to rectify the problem, but the damage was already done.
What’s more important is that both scenarios could probably have been avoided altogether.
A study conducted by Experian determined that nearly 70 percent of IT professionals said their number one problem in protecting their organizations was internal employees.
Whether it stems from willful negligence or simply a lack of understanding or education, human error plays a role in digital attacks and is a critical threat facing companies today.
Let’s take a look at some of the top human errors that can occur and how they lead to various types of digital attacks.
Top Human Errors
Someone once said, “To err is human,” and that is certainly true at the intersection of digital devices and human beings. Here are some common human errors that can contribute to online attacks.
Poor Password Protocol
No doubt there is at least one person in your organization whose password is, well, “password.” Employees who choose weak passwords for their computers or various company websites are inviting malicious attacks into your network. A simple or easy-to-guess password can easily be cracked or stolen by cybercriminals seeking access to your files or accounts.
You may also have employees who are using the same password for multiple applications. This is another no-no because if the password is compromised in one place, it is likely compromised everywhere. In addition, this can be made worse by people sharing passwords with others inside the organization.
Since you never know how careful the person you’re sharing information with is being, sharing a password could be a critical mistake.
Ignoring Security Updates
We’ve all been there: hard at work on a project or assignment when that pesky reminder to update your security software pops up. It’s easy to push it off and say, “I’ll do that tomorrow,” until tomorrow turns into next week and next week turns into never. Employee error comes into play when software updates are ignored or, worse, the employee disables software notifications altogether. The problem with neglecting security updates is that it compromises not only the individual’s machine but the entire network.
Poor Threat Awareness
Just like in the Snapchat example above, employees often fail when it comes to understanding where security threats originate. A threat may come in the form of an email that looks like legitimate correspondence from a colleague.
The employee may unknowingly click an email attachment or download a file with malicious code embedded. Threats may come through more intentional actions, such as employees downloading files or programs from suspicious websites or connecting personal devices that could be infected, such as flash drives, to a business network.
Carelessness with Technology
Employees who have company-issued computers, smartphones or other devices have been known to lose bags containing those devices in airports or have them stolen from their vehicles. Both scenarios are the result of human mistakes, but they can present serious complications if the person who finds – or steals – this technology is able to access an organization’s files or network.
Another cause of carelessness could be overworked or distracted employees who accidentally send information to an incorrect email address or fax number, which can release sensitive company details to individuals with less-than-positive intentions.
Having Too Much Access
Companies should operate on a least-privilege policy, which means giving employees the minimum amount of access to data and technology necessary to perform their job. Many in management become lax or too trusting of employees and issue blanket security privileges that are not necessary.
It’s not just lower-level employees who make human errors, but managers and executives, too, by permitting employees to have more permissions than are needed.
This last “error” goes hand in hand with poor threat awareness, and falls on the company and its IT personnel as the culprits. Failing to adequately train employees about all of the issues above is akin to inviting a breach or vulnerability that could result in an attack. Companies need to convey the importance of sound security practices to employees so they learn to recognize potential issues, treat data and technology with care and don’t skip important security updates.
Many digital attacks in the business world can be traced to human error. These extend from front-line employees up through management. Some common sources of these errors could include poor password protocol (using over-simplified passwords and sharing passwords), and ignoring security updates and reminders to keep a computer up-to-date.
Other human behaviors that can create vulnerabilities include poor threat awareness (apparent in the data breach at Snapchat), and lack of proper training to understand what are safe and unsafe digital behaviors. Finally, managers must be careful to not allow employees to have too much security access, abiding by a least-privilege policy.