Human error is, more often than not, the cause of security flaws and breaches at businesses.
The errors range from simple misunderstandings of protocol to monumental mistakes such as:
- The accidental addition of a character to a database which offsets the entire output
- The gullible act of clicking on a phishing link tied to an email that looks legitimate
- The lack of understanding of the sensitivity of systems and how they’re connected
There is little you can do to stop human error because we are all fallible, but you can certainly take preemptive measures to curb these events and adhere to routines that help get everything back on track when they do happen.
The three golden rules of dealing with human error are these:
- Limiting access to information
- Secure data recovery fallbacks
- Open, transparent dialog
The first of these, limiting data access, is readily found throughout large networks with many workstations. The practice is to limit an individual to the files and resources they need while locking them out of those which don’t pertain to their work.
For example: An individual in the warehouse does not need access to the marketing department.
Network permissions are what we’re dealing with here. They can easily be set up so that individuals are lumped into groups, defined by certain criteria for file sharing, and given permissions so that wandering eyes don’t fall on private information. Limiting access prevents a single point of failure if, for example, an employee with full access becomes the victim of a cyber-attack and breach.
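As an added illustration (not from the original article), here is a small group-based permission model in Python for the warehouse/marketing example above; the share names, group names and user accounts are constructed sample data. It shows both the access check and how much a single compromised account can reach.

```python
"""Group-based share permissions: who can open what, and what one stolen login exposes."""

# Constructed sample data: each file share lists the groups allowed to read it.
SHARE_ACL = {
    "warehouse": {"warehouse-staff", "it-admins"},
    "marketing": {"marketing-staff", "it-admins"},
    "hr-private": {"hr-staff", "it-admins"},
}

# Constructed sample data: each account's group memberships.
USER_GROUPS = {
    "alice": {"warehouse-staff"},   # warehouse worker
    "bob": {"marketing-staff"},     # marketing worker
    "carol": {"it-admins"},         # full-access administrator account
}


def can_access(user: str, share: str) -> bool:
    """Allow only if the user belongs to at least one group granted on the share.

    Unknown users or shares are denied by default.
    """
    allowed_groups = SHARE_ACL.get(share, set())
    user_groups = USER_GROUPS.get(user, set())
    return not user_groups.isdisjoint(allowed_groups)


def blast_radius(user: str) -> list[str]:
    """Shares that become readable if this one account is phished or its password stolen."""
    return sorted(share for share in SHARE_ACL if can_access(user, share))


def over_exposed_accounts(max_shares: int) -> list[str]:
    """Accounts whose compromise would expose more than max_shares shares (review candidates)."""
    return sorted(u for u in USER_GROUPS if len(blast_radius(u)) > max_shares)


if __name__ == "__main__":
    print("alice -> warehouse:", can_access("alice", "warehouse"))   # True
    print("alice -> marketing:", can_access("alice", "marketing"))   # False
    print("carol compromised exposes:", blast_radius("carol"))
    print("accounts exposing more than 1 share:", over_exposed_accounts(1))
```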
The second, secure data recovery, is a fallback for when these events happen (which they will). It’s not a wise decision to keep all the business information in one centralized location because it creates an opportunity to do massive damage from a single attack.
For example: If everything is kept on a single workplace computer and that computer is corrupted by an attack, every other area of the business suffers because the information is no longer accessible.
By keeping off-site backups and having a local data recovery service on your roll call, you will be able to bounce back from the types of human error that often happen in the business environment. The day business is disrupted may not be much fun, but at least you know you can recover because you have the resources available to do so.
The third, open transparency, is the notion that you need to alert your audience, marketplace, and business connections to the errors and the breach in order to keep their trust while you work on the issue. A business that keeps others in the dark while trying to fix the problem may succeed, but it’s bad form: if the actions weren’t successful, users feel they have been betrayed and kept out of the loop (which matters a great deal if you’re storing personal information).
For example: A human error could accidentally bill a client twice. In that case the business should immediately get in contact to explain the situation, work through the issue, and keep an open dialog so the individual does not become disgruntled.
Transparency also benefits those within the business. The person who caused the error may not have known why it happened; by explaining the situation you help prevent future occurrences of the same mishap. Go wider and you can use the incident as an example when you update your privacy policies and redistribute them to the workforce.
All in all, human error is inevitable but manageable. It’s not the end of the world if you understand that it happens, don’t overreact, and have the resources in place to get back up and running quickly. These things happen to even the largest corporations, so don’t feel upset if they happen to you. Just take action when they do, help people understand the faults, and go on with your day.