To err is human…
They used to say “To err is human, but to really foul things up takes a computer.” But in this highly digitised world, it’s becoming abundantly clear that the reverse is true. To paraphrase a famous song; Computers don’t kill businesses - humans do.
According to statistics provided by numerous polls and surveys, ‘People’ remain the number one cause of data breaches (due to human error) and people are considered one of the major threats to corporate security, due to IP theft or computer fraud.
But when most of us think of Data Protection or cyber Security we wrongly assume the problem is in the machine, when in-actual- fact the problem walks amongst us.
Computers in the past were inherently unreliable and would crash and fail with an alarming regularity (which is the basis of the ‘To err is human’ quote). Human error wasn’t really a factor, as email was in its infancy and quantities of data were relatively small, so the risk of someone making a mistake that impacted your business was minimal.
In 1986 the very first ‘true’ virus was born (called ‘Brain’) but it wasn’t until 2000 that the ‘I love you’ virus, went ‘viral’. At the time, computers were simply attacked to cause damage and chaos in the digital universe, but times have changed.
Just as computing has evolved, so have the people behind the viruses – dis-organised crime has become organised. Where once they were doing this for the ‘lulz’ (hacker speak for ‘just for laughs’), they realised that there is money to be made from causing destruction or from stealing from our accounts.
Modern computing systems have been built to try and withstand these attacks and have evolved almost beyond recognition over the last 20 years. One of the fundamental improvements in security is the adoption of Cloud Computing which has been embraced not because it provides technical solutions to security problems, but also because it offers cost savings and scalability to businesses of all sizes. Adopting ‘Cloud’ has meant that businesses place their trust in an organisation whose primary purpose is to ensure that information is there when you need it (availability), can be trusted (integrity) and is only accessible by those who should have access (confidentiality). These are the three pillars of cyber and information security.
But what of ‘Human error’? We send around 204million emails every sixty seconds. So what are the odds of you or your staff making a mistake? Sending a confidential email to the wrong address? Today an employee could deliberately use email to steal the entire contents of your case management system.
Our reliance on, and trust in computing is leaving us vulnerable because we are forgetting the human element of security.
The future – a chain reaction
Good security does not focus on technology, it focuses on; Technical, Human, Operations and Regulations. Think of good cyber security like a ‘chain’ and a missing or weak link weakens the whole structure.
For the ‘Human’ aspect of security, there are numerous technical and non-technical things you can do, such as putting in place a programme of cyber Awareness and training so they understand what to do (and what not to do).
Security isn’t just about keeping the ‘bad guys out’, it’s also about reducing errors and data breaches. Providing training will limit your exposure here too.
So remember, your people are your greatest asset and the best form of defence. Technology can help us in ensuring we have a robust platform within to operate. Computers rarely make mistakes on their own, but people do. Improve your security through people, processes and PC’s. It’s a chain reaction, so make sure your people are not the weakest link.