How Industry Security Standards Can Cut Out Human Error

The best part of the holidays is that the entire family is in one place, making for some great bonding experiences. Families can cook together, put up decorations, or do whatever holiday traditions they’ve created over the years. Many families will find themselves sitting down at the dinner table and playing board games like Monopoly, but that’s not a good thing. Monopoly games are so stressful and lead to so many fights that this year Hasbro will set up a Monopoly hotline on December 24th and 25th to resolve Monopoly fights. But in a survey of 2,000 people, the top 3 reasons people get in fights over Monopoly have nothing to do with the game or its rules. The top 3 reasons for arguments are:

  • #1 People making up rules as they go
  • #2 People being cocky while they’re winning
  • #3 People buying property they don’t need

See the pattern?

Each of the biggest problems is caused solely by people, not the game. And it’s not just in Monopoly where people are the main source of problems. In cybersecurity, no matter how many new bugs or viruses are created every year, people are always the biggest threat to personal privacy.

This November there was a 60% increase from October in data breaches, making November the month with the most breaches this year. But there is no hacker holiday in November, so what caused the spike in breaches? 54% of the breaches were caused by employees. One breach that leaked 170,000 patient records was the result of a third party’s error.

Just like Monopoly, it’s not the systems or network infrastructure that’s causing most of the security breaches out there. It’s human error. If you’re an employer who handles medical records, there’s no way you can keep every one of your employees from clicking on a bad link or falling for a phishing scam. And you can’t just throw money at your IT guy and tell him to make your system foolproof.

So, what can you do to make your employees less likely to cause a data breach?

The simple answer would be to tell them how likely it is that they’ll be the ones who expose the company to hackers and malware. But that would not be the effective answer. You can’t just scare people into being more secure online. You must start by educating yourself on how dangerous anything from opening an email to online shopping can be. Once you understand the dangers of poor cybersecurity, you can apply them specifically to your industry. Let’s say you’re a hospital administrator.

You’d have to be a fool to not know the dangers hospitals and even small practices face, but it is far from guaranteed that your average nurse or even janitor knows them. You must educate them on exactly what your industry is facing online. Another way to bring human error down is by subscribing to cybersecurity standards. If you handle medical records you must be HIPAA compliant to operate, but if you work in another industry you can find standards like ISO 27001, SOC and PCI. Most industries have security compliance standards that were voluntary in the past but are becoming mandatory with the growing cyber threat today. Find your industry’s cybersecurity standard and get your organization up to speed before it’s too late.

If people can’t even play a game of Monopoly without it breaking out into chaos, what chance does your cyber security have? The good news is that with a little research and change you can account for most of the human error that will bring hackers inside your organization.
