A Data Breach: What is It and How to Prevent It?
Data breach. Two words no one wants to hear. Whether it has happened to a store you frequent or to a company you run, it means lot of headache, heartache and even more paperwork. Now we must think about two things. What is the main cause of data breaches? How do I prevent them from happening to me?
Human error is responsible for a vast majority of all data breaches. In fact a study done by PwC in 2015 claims that 3/4 of large businesses suffered a staff-rated security breach, half of them caused by human error. Research suggests that errors are prevalent due to lack of cybersecurity awareness.
AXELOS, a joint organization between the UK government and Capita, suggests it is simply due to lack of knowledge and available training. A quarter of the top business surveyed claim that less than half of their employees have taken part in any training covering hacking, cyberattacks, or cybersecurity measures even though they are offered by the company. two thirds of the business owners surveyed claim it is because the training provided does not relevant or practical information. All business owners and AXELOS do agree that while staff should should be the best security control, they are typically the greatest vulnerability.
Nick Wilding, head of cyber resilience best practice at AXELOS, states simply that proper and adequate training is the best defense against a cyber attack. They have published a document outlining the minimum standards they believe staff should be trained. AXELOS emphasizes that “the awareness learning [companies] provide should be directly relevant to the work of [their] employees and the information security risks they face.” Staff members must be able to actively anticipate the ever-changing methods of cyber criminals.
Not only should company staff be aware of common threats such as phishing, but they should also be taught the importance of strong passwords and information handling techniques. Wilding suggests turing employees into life-long and daily learners. Teach them to be aware of different cyber risks and give them the skills to capably manage security threats before they happen.
Data breaches happen everyday. In fact a report by the Institute of Directors suggest many organizations that have had a data breach are still afraid to report the incident to the proper authorities. The biggest cause of a security breach is user error. You can help control this by mandating your employees partake in relevant, up-to-date training on perceiving and managing an upcoming cyber attack.