A freedom of information request from Egress Software Technologies to the UK’s Information Commissioner’s Office has found that nearly two-thirds of data loss incidents reported to the ISO are down to human error. Other causes, like poorly secured webpages or hacks, make up a combined 9% of the reports they receive.
Their definition of data loss also includes data theft – while the primary data might still be intact, it’s also fallen into the wrong hands. The most common breach was down to someone physically sending data to the wrong person, which accounted for 17% of activity.
Another 17% came from loss or theft of paperwork and a further 9% from when the data was emailed to the wrong person.
Other types of data loss recorded include insecure disposal, loss of unencrypted drives, and data that hadn’t been redacted.
Malware has been in the news a lot lately and many enterprises have been doing all they can to step up their security to stop these breaches making the way into their systems. But they also need to be educating their users, especially if these statistics are to be taken seriously.
“The fact that so many breaches are caused by methods of working that are known data breach pitfalls – such as faxing and posting sensitive information, or using plaintext email – should be a major concern for all organisations,” said Tony Pepper, CEO of Egress.
A good business needs to review the data that is being produced and handled by their employees. They need to set clear guidelines and classifications for how this data has to be treated and, if needed as part of the process, releasing it in the right way.
Part of this can be integrating tools to help with security. For example, email encryption or protected online collaboration programs can help ensure the data is kept within the business and controlled by policies. These types of procedures are harder to track if the data is being physically handled, which is why keeping your data on as few systems as possible can help control it.
This also extends to disaster recovery. If you do suffer data loss at the hands of human error, you need to make sure that you’ll be able to recover it efficiently. If a system administrator accidentally wipes out a bunch of data, will you be able to restore it? If not, you need to act immediately.
Keep your data backed up in a variety of locations. Redundancy is key here. Human error can happen on the backups too. If you only have one backup and someone fails to check it’s working or destroys it or overwrites it, the entire process falls to pieces. Consider outsourcing your backup procedure to an external company who will be able to provide off-site data centres to keep your data safe. These can also be used alongside internal procedures if necessary.
Automate your backups, replicate them and have them verified by a third-party during backup and recovery. These are great ways to stop human error getting in the way of protecting your data.
Human Error Causes Data Disasters - Could You Recover?
Comments
No comments yet. Sign in to add the first!
