10 Ways to Cut Down on Human Error Issues at Work
When it comes to data breaches, there’s so much media focus on cyber criminals. But did you know that employees are behind about two-thirds of data breaches today?
In the 2014 Cost of a Data Breach Study by IBM and Ponemon Institute, employee negligence was identified as the top root cause of data breaches in the UK, accounting for 40% of cases in the country.
The main issues associated with the “human factor” include mishandling of information by employees, violations of industry and government regulations, inadvertent data dumps, stolen laptops, and wrongful access.
One main cause could also be the general ambivalence of employees towards data protection regulation. Although everything from employee records to client invoices could be dubbed potentially sensitive, our Security Tracker survey results reveal that there is a general sense of confusion about what exactly constitutes sensitive data.
The Cost of a Data Breach Study lists some ways companies can reduce the frequency and cost of data breaches, such as having a solid incident response plan and recruiting a C-level professional, like a CISO, to take overall responsibility for enterprise data protection. But there are many more preventative measures organisations can take to tackle cases directly linked to employee negligence.
So what exactly can businesses do to cut down on breaches caused by human error in the workplace?
- Implement a culture of security throughout the organisation.
- Create information security policies and procedures – and keep them up to date.
- Form a data security team with members from different areas of the organisation – IT, human resources, compliance, legal and communications.
- Keep an inventory of all information that needs to be protected.
- Implement ongoing risk analysis processes.
- Schedule ongoing training so employees understand best practices for protecting confidential information – in and out of the workplace. As part of the training, make sure employees acknowledge that they are aware of security policies and procedures – so they feel accountable and responsible.
- Enforce non-disclosure agreements. In employment agreements and exit interviews, emphasise the responsibility of employees to protect confidential information and company information, even after they leave the business.
- Partner with companies that share the same level of commitment to information security.
- When information is no longer needed, have all documents – paper and electronic – securely destroyed. A Shred-All Policy is recommended.
- Ensure employees are informed about the risks associated with data protection breaches and are well trained on both which documents they should consider shredding and how to dispose of electronic media.
Learn more about the many costs of a data breach and how these could severely affect your business.