Ever accidentally accessed confidential files in the workplace when access should not have been granted? You’re not alone. A new report by Australian quantum cybersecurity company QuintessenceLabs reveals that office workers in micro/small businesses are the most likely to increase the risk of a data breach, yet business leaders of this size organisation are the least likely to be aware of them doing so.
While Australian businesses are on high alert from hackers, many are underestimating the risk posed by human error and weaknesses in their own internal security processes. The QuintessenceLabs Breach from Within Report found 3,675,000 Australian office workers have done something which could potentially lead to a data breach.
The report uncovered the fact that 38 per cent of SME office workers have committed serious data security transgressions, such as accidentally emailing confidential files to the wrong recipient. Furthermore, 16 per cent of micro and small businesses do not have any security protocols in place, yet just 20 per cent of business leaders in small/micro businesses believe it is likely they will suffer a data breach.
The report also found that:
- Three quarters (74 per cent) of office workers in small or micro businesses have done something which could potentially lead to a data breach, yet only 42 per cent of business leaders of this size organisation are aware of their employees behaving this way.
- One in three SME business leaders do not fully understand Australia’s cybersecurity reporting legislation.
- 45 per cent of SME Office Workers admit user experience is more important than data security.
- Australian workers in small businesses are the most likely to have no idea what the relevant security protocols should be (64 per cent).
- Business leaders in small/micro organisations are the least likely to be aware employees are creating password vulnerabilities (39 per cent) and email vulnerabilities (25 per cent).
- Business leaders in small/micro organisations are the least likely to be aware of confidential files being copied and carried out of the office (8 per cent).
- 37 per cent of Business Leaders in small/micro organisations don’t fully understand Australia’s legislation regarding the reporting of cybersecurity breaches compared to 17 per cent of business leaders in medium-sized businesses and 13 per cent in large organisations.
QuintessenceLabs Founder and CEO Dr Vikram Sharma believes this highlights the need for businesses to safeguard against human error.
“While many businesses are on high alert from external threats like hackers, they aren’t always aware of the risks caused by human error,” he said. “Simple mistakes by employees can lead to compromised data and have a significant cost for businesses.
“Most of us have at one time or another circumvented IT protocol, but people don’t realise that these sometimes seemingly benign actions can lead to serious data breaches if the right security measures aren’t in place. Once data is compromised, businesses need to be honest and transparent with customers, or face reputational damage and lost trust.
“Interestingly, our report found that almost half (46 per cent) of business leaders recognise there are gaps in their data protection – it is critical to act to protect and prevent as the flow-on effects to trust, reputation and, ultimately, the bottom-line is sizeable.