In the data security landscape, we mostly think about protecting ourselves against breaches caused by malicious actors. However, it turns out that most of the data breaches organizations experience could be avoided simply by correcting for human error.
Data Breach Findings
In the U.K. alone, research done by the risk solutions provider Kroll for the UK's Information Commissioner's Office (ICO) shows that 88% of data breaches are the result of human error. In 37% of those breaches, the cause was sensitive data being sent to the wrong recipient.
These research findings match the nature of the security breach notifications received by the Data Inspectorate of the Danish Data Protection Agency (DDPA). In a publication, the DDPA states that security breaches of this kind make up a good part of all the notifications it receives, and that some of the reported incidents could have been prevented simply by employees turning off the auto-complete functionality in their email system, which reduces the chance of an email being sent to the wrong recipient.
Because of the number of negligent incidents such as these, the DDPA's Data Inspectorate recommends that organizations include them in their data security risk assessments.
Technical and Human Errors
The DDPA states that security breaches fall into two categories: human error and technical causes.
Breaches with technical causes are mostly cases where personal information leaked through a URL, or where, for example, email encryption was missing, patching was poor, or a firewall was misconfigured.
Human errors take many forms, but most often they are data-entry mistakes, copy-paste mistakes, forgetting to remove personal data through anonymization, and the auto-complete mistakes mentioned above.
Practical Solutions
Controlling for human error isn't necessarily very difficult. A good place to start is to educate employees on the different risks and the potential errors that can be made in the data management process, and to implement systems that check for human error and make it impossible, or at least very difficult, to commit negligent errors that result in serious data leaks.
A technical control that addresses the wrong-recipient error specifically is email validation that checks both the recipients and the content of an outgoing email. This feature, together with the possibility to block attachments after sending, can have a large positive impact on data security in your organization. These are two of the many features offered in Smartlockr's Data Protection Platform.
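The recipient-and-content check described above, as an added example that is not Smartlockr's code or the page's own: it flags an address that is one keystroke away from a known contact (the auto-complete slip), and blocks a message whose body carries a national-ID-shaped value when any recipient is outside the organization. The domain names, contacts and the ID pattern are constructed assumptions.

```python
import difflib
import re
from dataclasses import dataclass, field

# Constructed assumptions: the organisation's own domain, a small address book,
# and a placeholder pattern for a national ID written as DDMMYY-XXXX.
INTERNAL_DOMAINS = {"example.org"}
KNOWN_CONTACTS = {"john.smith@partner-example.com", "legal@example.org"}
NATIONAL_ID = re.compile(r"\b\d{6}-\d{4}\b")


@dataclass
class Verdict:
    block: bool = False            # True: hold the message for the sender to confirm
    findings: list = field(default_factory=list)


def lookalike_recipients(recipients, known=KNOWN_CONTACTS, cutoff=0.9):
    """Return (address, known_contact) pairs where the address is not a known
    contact but is nearly identical to one, the signature of an auto-complete
    or typing slip such as jon.smith@ instead of john.smith@."""
    hits = []
    for rcpt in recipients:
        if rcpt in known:
            continue
        close = difflib.get_close_matches(rcpt, known, n=1, cutoff=cutoff)
        if close:
            hits.append((rcpt, close[0]))
    return hits


def validate_outgoing(recipients, body):
    """Pre-send check over recipients and body. Blocks on a lookalike address
    or on ID-shaped content leaving the organisation; unknown external
    recipients are only reported, so the sender can confirm them."""
    v = Verdict()
    external = [r for r in recipients
                if r.rsplit("@", 1)[-1].lower() not in INTERNAL_DOMAINS]
    for rcpt, match in lookalike_recipients(recipients):
        v.findings.append(f"recipient {rcpt} resembles known contact {match}")
        v.block = True
    if external and NATIONAL_ID.search(body):
        v.findings.append(f"national-ID pattern in body, external recipients: {external}")
        v.block = True
    for rcpt in external:
        if rcpt not in KNOWN_CONTACTS:
            v.findings.append(f"external recipient not in address book: {rcpt}")
    return v
```

Hooking this into a mail gateway or client send hook lets the message be held with the findings shown to the sender, rather than silently delivered.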