Human Error: Why it’s a Threat and How it Can be Prevented

Hackers look for vulnerabilities to exploit within softwares and software developers work hard to make sure these exploits are secured. Once a vulnerability is found, software developers will fix it and send out patches to their users. However, in order for the patch to work, the user must update their software. This means that clicking on that ‘remind me later’ button for software updates (which we know you’re guilty of) is a really bad idea. 

A common mistake people make is connecting to public Wi-Fi. People think public Wi-Fi networks are secure, especially when there is a password required to connect, but cybersecurity experts know this is not the case. If you can get access to those networks then so can the hackers.  

Most people use the 4-digit pin to lock their phone or use their fingerprint, face ID, etc., but there is still a significant amount of people out there that do not use any kind of pin or password at all to lock their phone. In the case of a lost or stolen device this can create some serious issues.  

If there is any kind of business-related information on your device then sharing your device with friends or family is a big no-no. Not only can they gain access to the information stored on that device but they may also not be very cybersecurity aware (especially not your 4-year old watching videos) and they might click on malware-ridden links or websites.  

Another very common mistake made by employees is outright ignoring cybersecurity best practices. Maybe it is too time-consuming for them or they have too much to do and disregard the best practices. Whatever the case may be, this happens way too often and can easily be prevented.

Limited access controls and permissions are a staple in cybersecurity best practices but not alot of businesses follow this. Employees should not be given access to files or data they don’t need to do their work because not only does it give them full access to view everything, in the case of a cyber attack, hackers will also be able to easily gain access to everything. 

Sometimes it’s ignorance, but sometimes people truly just don’t know how to safely navigate the internet. Many people don’t know what phishing scams are, what ransomware is, or how viruses get into their devices. This is the reason for most of human error related breaches. 

It’s pretty much impossible to memorize a different password for every account you have, which is why we recommend the use of password managers such as LastPass. These apps safely store your passwords and generate strong and unique passwords for you. This eliminates the need for remembering all your different passwords. It also tells you if you have any repeated passwords and lets you know when it’s time to update an existing password. To take this a step further, we also recommend implementing 2-factor authentication for an extra layer of protection. 

As mentioned earlier, giving employees unnecessary access to everything can become a liability. Implementing the principle of least privilege means to limit employee access to only the information they need to adequately do their job. 

Adding to cybersecurity awareness training is promoting a security-first work culture. By keeping cybersecurity at the forefront and encouraging security-based discussion, your employees will be thinking about the security of business with every action they take – or don’t take. 

In the wrong environment, people are more likely to make mistakes. The amount of distractions, workload, and even the temperature of the office are all factors that contribute to human error. As an employer, it’s your responsibility that the working environment is in top condition.