The primary cause of data breaches nowadays is simple – human error.
As humans we’re susceptible to making mistakes. It’s what we do and it’s a part of life, and learning from mistakes to better ourselves is a responsibility we all share.
But time and time again data breaches – which are continual – are happening because of human mistakes that have happened before and CAN be prevented.
So why aren’t organisations doing more to tackle it?
Many of the data breach actions we’re involved in stem from simple human mistakes, but there is a great deal more to it than that, and we shouldn’t be pointing the finger at the staff who press the buttons. Organisations have a legal responsibility for the data they hold and share, and a part of that responsibility is to ensure that data is not leaked or given to people without the right (or any) authority. But the fact of the matter is that we can have systems in place to ensure that this doesn’t happen – which can effectively stamp out any risk of human error.
But without those systems in place, data remains at risk.
Emails can be sent to the wrong recipients, or to multiple recipients without the details of other recipients being hidden; data could be accidentally shared to the wrong person or wrong company; even letters could get put together in post rooms with personal correspondence going to the wrong person. It’s all very easy to do. But from a technical standing we can use systems and software to ensure that these breaches don’t happen, or at least ensure the risks are minimised.
For example, there are plenty of third party email applications that can do the job of hiding recipients for you, and in terms of sharing large quantities of data, people should think twice before just sending things out. Some of the problems come down to a lack of understanding about the seriousness of causing a data breach, and many people wouldn’t think twice about it when sending data to someone else.
Education and training is important, but the systems we can use to protect our data should always be utilised.
There is guidance in place from the ICO and organisations, as data controllers, really ought to look at other data breaches and think to themselves how they can avoid falling foul of the law. But, given how easy it is to make a little human mistake, it’s no surprise that human error remains the number one cause of data breaches these days.