Human Error: Why it’s a Threat and How it Can be Prevented

People aren’t perfect and they’re bound to make mistakes however, sometimes these mistakes can be costly. Human error is the cause of 95% of security breaches and this can take form in many different ways. Employees are the weakest link when it comes to the cybersecurity of a business. However, there are actions that employers can take to lower the risk of human error.  

How Does Human Error Cause Security Breaches?

Human error can manifest in many different ways but essentially it’s a course of action someone did (or did not) take resulting in some kind of dysfunction in an organization. Below are some of the most common cases of human error which result in data loss, ransomware attacks, and more.


Many people know the importance of creating a strong password but once this password is used over and over again, that password is no longer keeping you secure. Hackers use brute force to guess passwords or they can simply buy a list of email addresses and passwords from another data breach. If you use the same password for several accounts, the hackers can gain access to everything by only cracking the one password. Although you may think people know to use numbers and letters and a variety of other characters to make up their password, there are still an alarming number of people that use passwords like ‘12345’ or ‘password’. One of these people may be an employee or coworker of yours.  


Hackers look for vulnerabilities to exploit within softwares and software developers work hard to make sure these exploits are secured. Once a vulnerability is found, software developers will fix it and send out patches to their users. However, in order for the patch to work, the user must update their software. This means that clicking on that ‘remind me later’ button for software updates (which we know you’re guilty of) is a really bad idea. 

Connecting to Public WiFi

A common mistake people make is connecting to public Wi-Fi. People think public Wi-Fi networks are secure, especially when there is a password required to connect, but cybersecurity experts know this is not the case. If you can get access to those networks then so can the hackers.  

Email Misdelivery

Sometimes we accidentally send texts or emails to the wrong person – maybe because we opened the wrong email to respond to or we trusted the contact autofill line a bit too much. This mistake can be innocent but in the case of sharing confidential information the cost of this mistake can be major. Say it was customer information that was shared, this mistake may result in the loss of a customer or a damaged reputation. Beyond just the social repercussions, their may also be legal implications under privacy laws.

Keeping Devices Unlocked

Most people use the 4-digit pin to lock their phone or use their fingerprint, face ID, etc., but there is still a significant amount of people out there that do not use any kind of pin or password at all to lock their phone. In the case of a lost or stolen device this can create some serious issues.  

Sharing Devices with Friends and Family

If there is any kind of business-related information on your device then sharing your device with friends or family is a big no-no. Not only can they gain access to the information stored on that device but they may also not be very cybersecurity aware (especially not your 4-year old watching videos) and they might click on malware-ridden links or websites.  

Ignoring Cybersecurity Practices

Another very common mistake made by employees is outright ignoring cybersecurity best practices. Maybe it is too time-consuming for them or they have too much to do and disregard the best practices. Whatever the case may be, this happens way too often and can easily be prevented.

Poor Access Controls

Limited access controls and permissions are a staple in cybersecurity best practices but not alot of businesses follow this. Employees should not be given access to files or data they don’t need to do their work because not only does it give them full access to view everything, in the case of a cyber attack, hackers will also be able to easily gain access to everything. 

Lack of Awareness

Sometimes it’s ignorance, but sometimes people truly just don’t know how to safely navigate the internet. Many people don’t know what phishing scams are, what ransomware is, or how viruses get into their devices. This is the reason for most of human error related breaches. 

Ways to Minimize Human Error in the Workplace

Improved Password Practices

It’s pretty much impossible to memorize a different password for every account you have, which is why we recommend the use of password managers such as LastPass. These apps safely store your passwords and generate strong and unique passwords for you. This eliminates the need for remembering all your different passwords. It also tells you if you have any repeated passwords and lets you know when it’s time to update an existing password. To take this a step further, we also recommend implementing 2-factor authentication for an extra layer of protection. 

Implement More Controls

As mentioned earlier, giving employees unnecessary access to everything can become a liability. Implementing the principle of least privilege means to limit employee access to only the information they need to adequately do their job. 

Cybersecurity Awareness Training

Educating your staff is one of the best defences you can have against cyber threats. By informing your staff on hacker trends and best practices you will eliminate lack of awareness as a threat and will greatly reduce security mistakes. Cybersecurity awareness training is also something that should be done frequently. 

Promote a Security-first Work Culture

Adding to cybersecurity awareness training is promoting a security-first work culture. By keeping cybersecurity at the forefront and encouraging security-based discussion, your employees will be thinking about the security of business with every action they take – or don’t take. 

Create and Environment that Prevents Human Error

In the wrong environment, people are more likely to make mistakes. The amount of distractions, workload, and even the temperature of the office are all factors that contribute to human error. As an employer, it’s your responsibility that the working environment is in top condition.