While cyber threats continue to be a massive drain on business productivity, there is another, less obvious vulnerability: unintentional employee error. Indeed, a majority of businesses say that simple human error is their leading cause of data loss, according to a survey we conducted.
Among survey respondents, 61 per cent reported that their company had suffered a data loss over the last two years. More striking is that 67 per cent of respondents said human error – everyday mistakes made by employees – was the primary reason for data loss and system outages. While human error, such as weak passwords and “dirty” work environments, can be the pathway to security hacks, it can also wreak havoc far greater than that of a third party with malicious intent.
According to the Office of the Australian Information Commissioner (OAIC), one in three data breaches this time last year were linked to human error, such as sending the wrong recipient via email, unauthorised disclosure through the unintended release or publication of personal information, as well as the loss of paperwork or data storage device.
It can be as simple as an employee misplacing a spreadsheet or spilling coffee on their laptop. Perhaps the most famous – and harrowing – data-deletion story involved Pixar during the production of Toy Story 2. One of the movie’s animators accidentally entered a delete command, resulting in a cascade of errors that erased 90 per cent of the production files. Worse, the data-backup system failed to work properly due to inadequate disk space. For a brief moment, there were fears that the entire production would have to be scrapped. It was only a Herculean effort by the technical crew that saved the much-loved film.
The data-loss problem could become even more prevalent in the current and post-COVID world, as millions of people work remotely. Moving employees, their computers, and their data from a secure office environment to a less-secure home environment present a wide range of unintentional data-loss risks.
The reality is that employees will continue to make mistakes. They’re only human, after all. But here are three ways that businesses can protect themselves against catastrophic data loss resulting from human error.
With so many employees working remotely, it’s harder for businesses to manage backups and store data on the corporate network. Encourage employees to be responsible and back up their data regularly. If they store data on a local flash drive inserted into their laptop, they should back it up to the cloud or another hard drive. If employees store their data primarily in the cloud, they should be sure to have another copy somewhere offline.
All employees, especially those working at home, need to be regularly reminded to update the software on their devices and to enable all available security features, such as firewalls and anti-malware. Failing to install updated software and security patches is a well-known employee misstep that creates the gap for malware and ransomware to seize on.
Employees should only be able to access data and folders based on the principle of “least privilege.” This is the concept of only giving employees enough access to perform their required jobs. Least privilege can prevent workers from accidentally deleting or corrupting files they should never have had access to in the first place. Enforcing the least privilege can significantly reduce the risk caused by human error.
Your weakest link may well be the “danger within”, albeit unintentional. With the right strategies and processes in place, you can limit data loss when your employees inevitably make mistakes.
Leo Lynch, Director – Asia Pacific, StorageCraft