View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 18, 2017

The cost of human error: Why businesses need to solve the weakest link in their data security chain before it’s too late!

Installing the latest cybersecurity solutions cannot help to solve people-based security issues, especially when few employees within a business will have the same level of expert security knowledge as an IT professional.

By James Nunns

Barely a day goes by without breaking news of yet another cybersecurity breach.

Whether it’s a mass ransomware attack like WannaCry, withholding data for money from unlucky companies across the world, or government-linked hackers allegedly rigging elections to influence our political systems, it feels like cybersecurity stories are now a mainstay of the modern news agenda.


Stuart Sykes, Managing Director at Sharp Business Systems UK.

Trying to combat constantly evolving online threats is no simple task. Since the internet first became available to the wider public, security software and services have been sold to businesses to help them cover everything from standard antivirus to network monitoring, two-factor authentification and threat intelligence. But it’s not enough. Your business can have the best cyber security technology in the world, but it will never be truly immune from a data breach.

Your employees are the weakest link in your organisation’s information security. Cyber security professionals have long acknowledged it, and no tools or services can ensure your business is completely safe.  The problem is that, regardless of whether you have the best security systems money can buy, staff still need to be able to do their jobs in the simplest and most efficient manner possible. This is where human error comes into play.

The last few years alone have not been kind to employees targeted by cybercriminals. Many have fallen victim to sophisticated phishing emails and had their login credentials stolen through social engineering. There have been cases where employees have downloaded sensitive information to their personal un-encrypted devices, which were subsequently stolen. The data was exposed to opportunistic cybercriminals who may have then used it to their advantage.

Read more: From Redshift to Snowflake: How Deliveroo overcame bottlenecks to deliver data success

What is surprising, is that despite these accidental security mishaps, employees are not learning from their mistakes. In fact, they’re actively and knowingly breaking company security policy. Recent research we conducted, surveying over 1000 UK office workers on their use of cloud, file sharing sites and personal devices in the workplace, found that an alarming number of respondents are flouting company security policies, causing a major headache for companies trying to keep their data security in check.

Our research found that a quarter of respondents (24%) admitted to storing work information in the public cloud even though they are not permitted to do so. Just under a quarter (23%) of workers use public file sharing services for work information even though they’re not allowed to, and 31% take work home to complete despite being told otherwise. Each issue places company data security at risk, and are all the more worrying when 1 in 12 people (8%) admit to having access to confidential information that they shouldn’t have.

Content from our partners
Green for go: Transforming trade in the UK
Manufacturers are switching to personalised customer experience amid fierce competition
How many ends in end-to-end service orchestration?

The buck does not stop with digital information. Just under two-thirds of workers (59%) reported that colleagues leave printed pages in the printer tray, heightening the chances of documents being seen by the wrong pair of eyes.

Mistakes are a part of life. They are what make us human, and will never be fully removed from the workplace. Businesses will forever be challenged by human error. Installing the latest cybersecurity solutions cannot help to solve people-based security issues, especially when few employees within a business will have the same level of expert security knowledge as an IT professional.

Read more: The data don’t lie: Using machine learning to fight insurance fraud

The best possible protection comes from adopting, and routinely enforcing, solid data protection policies and practices. This should be an absolute priority. Businesses need to be better at educating their employees to help reduce data security risks and stop them knowingly making bad security decisions.

Hesitation could spell big trouble in the coming months. General Data Protection Regulation (GDPR) is fast approaching, and it’s becoming more important than ever that employees are fully aware of the everyday risks they could unwittingly expose their organisation to. After all, the alternative could cost a lot more than just information. If a company is found to be in breach of GDPR it will be subject to fines of 4% of its annual global turnover or €20 million. Whichever is greater. The time to act is now.


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.