In most cases, a data breach is the result of company and corporate negligence, with human error being the most likely cause. Now I’m not saying that company processes are key in mitigating this human error, but there should still be a certain number of sensible procedures that everyone carries out at work and home.
The Basics – One obvious thing to do is not leave your work laptop at your local café. The number of data breaches occurring from lost or stolen digital devices is a growing problem given the number of laptops and phones given out by companies. In Hong Kong in 2017, two laptops belonging to the Electoral Office were stolen at AsiaWorld-Expo. This carelessness compromised the information of 3.78 million registered voters. Again, with the local café, don’t use a public network when working. The security on these networks could be lacking, leaving you open to a whole host of attacks.
Email – Sending an unencrypted email containing sensitive information to the wrong recipient is a worry due to the number of emails we send and receive. In 2018, over 21,000 people associated with the US Marine Corps were compromised due to an unencrypted email being sent to the wrong recipient list. Getting an email encryption service is a way of securing sensitive information over email.
Email is also the most common form of entry for hackers. According to Verizon’s 2020 Data Breach Investigations Report (DBIR), 96% of phishing attacks arrive by email. Check your emails. Do they look suspicious? Are they asking you for information urgently or sending you to another website? These types of emails are a key indicator of a phishing campaign. John Podesta and his team were hacked in this way in the run-up to the US presidential election in 2016.
Software Updates – Make sure all systems connected to the internet are fully updated. Think of it as maintaining online hygiene. Some of the most significant data breaches in recent memory have occurred because of older versions of software not being updated. The infamous Equifax breach in 2017 was the result of an unpatched vulnerability.
Passwords – One that everyone can improve upon. Use strong, cryptic passwords that are hard to guess. Store your passwords in a safe, encrypted portal or a password manager.
Are We Learning to Deal with Data Breaches?
The top decision-makers in large companies are gradually becoming more involved in the cybersecurity process. According to a 2019 Experian report, 54% of executives and 39% of directors were engaged in planning responses for data breaches. These figures need to continuously improve, because if top executives are not involved, it can give the impression that cybersecurity is not high on a company’s list of priorities.
Many people are simply too busy to worry about best security practices at work. The belief that it’s someone else’s job is a convenient excuse to shirk personal responsibility. There are server-level solutions that can aid in this process. Moreover, a tendency to not report something suspicious or lacking due to fear of reprisal from higher up is a worrying trend. Seeing how regulations like GDPR have made it mandatory to notify the supervisory authority within 72 hours, this trend should be on the decline. Companies may find themselves needing to change their incident response plans and internal security to make sure these reporting requirements are met.
Different generational approaches to cybersecurity may pose a problem in dealing with data breaches. Engagement with all generations is a must in improving security culture. The assumption is that younger workers brought up in the Digital Age would be more responsive to cybersecurity responsibilities, but this may not be the case.
On a personal note, outside of work, the sheer volume of data we trail on the internet can be intimidating when we want to sort out our passwords and security procedures. The main risk is mixing the important stuff with the casual newsletter. A lack of organisation of data can lead to poor online hygiene.
Data breaches will be curbed when professional and personal attitudes towards security culture align. This attitude will be most effective when implemented from the top down with staff training, but steps can be taken on a personal level to reduce human error.