Staff ‘Complacency’ Set to Increase Cyber Risk

Humans make mistakes, it’s a part of what makes us, us. When looking at human errors, they can be broadly categorised into two types. Skill-based and decision-based errors. The difference between these errors comes down to whether the individual had the knowledge to perform an action in the right way.

A skill-based error can be categorised as an error that the person makes because of lapses in judgement, whether that be due to tiredness, distraction, or negligence. The individual knows what they are meant to be doing, but fails to do so.

There can be huge consequences for cyber breaches, even if they are accidental. In 2015, an NHS trust was fined £180,000 after a sexual health clinic leaked the details of nearly 800 patients who had attended sexual health clinics. The breach happened when an employee accidentally added the patients to a newsletter instead of blind copying them in, allowing their details to be made available to everyone. 

In 2020, leading law firm Tuckers were hit by a ransomware attack after failing to increase their cyber security protocols having failed the government back Cyber Essentials standard. The attack encrypted 972,191 individual files and led to the firm being fined £98,000. 

Far worse than either of the above, whilst only affecting 15 people, was Crown Prosecution Service (CPS) breach. It was fined £325,000 after it lost unencrypted dvds of recordings from interviews with child sex abuse victims The dvds where being sent between two offices via tracked delivery, but they were left at reception and subsequently went missing. They have never been found.

Ensure that your users only have access to the data and functions that they need to be able to perform their roles and jobs. In doing this, you are reducing the amount of information  that any one user is able to access, reducing the amount of information that will be exposed in case of a breach.

According to the National Centre for Cyber Security, the most popular password in the world is 123456. Password related mistakes are the main cause of cyber breaches. Leaving passwords taped to screens, using the same password across a multitude of sites, and sharing them with colleagues are all huge red flags that your password security is poor. Using long passwords reduces the chance of hackers and criminals guessing your password, and implementing two-factor authorisation adds an extra layer of safety to your online accounts.

Decision-based errors often lead from a lack of knowledge. The easiest way to mitigate this is by investing in training for your staff. This includes making sure they have the right knowledge and tools to do their job, and also have security training so they can spot phishing emails, understand password security, and malware training. It may be time-consuming, but it will save you money and time in the long run.

Even with the best training and most competent stuff, issues can still arise. That is why getting specific insurance for data breaches and cyber attacks should be a part of any insurance policy. Not only does it protect you from the monetary costs involved, it can act as a safety blanket for you and your staff should an attack occur. Speak to an advisor to see what cover would best suit your business.

Reducing human error from your business comes from two angles: educating staff and reducing the opportunities for them to make these mistakes. Increasing training and creating a stronger security culture in your business will go a long way to reducing the risks of cyber attacks and costly data breaches. 

If you’d like some advice from an experienced broker on Cyber Risk Management and considerations for your business, contact [broker_name]. We’ve worked with businesses throughout [broker_county], offering expert, unbiased advice and support. Get in touch by calling [broker_phone].