In this blog we will discuss data security measures very frequently and we usually share best practices for secure communications. Strong passwords, data encryption or VPN connection on public Wi-Fi networks are just a few examples of security tips that we have maintained on throughout the years of this online publication.
However, for many security systems that we apply to our communications, nothing will protect us if we as users do not take basic precautions when managing the personal data for which we are responsible. An IBM Cyber Security study in 2014 found that most computer security incidents came, to a greater or lesser extent, from human error.
The tools of communication and data management (email, messaging apps, CRM, etc …) are there for us to use and ultimately we are the ones who press the send button, the share button, save button or the delete button. Although information flows are always more automated, human intervention is always present and when it occurs, it must be as careful as the computer program to which we demand the highest level of security.
For those levels of security to be high, the training and awareness of the employees responsible for managing personal data is necessary and it is necessary to remember that in many cases we are the weakest link in the data security chain.
Among the most common human errors we have collected these five categories that encompass most:
1. A weak password
Passwords are one of the most common security mistakes by users in forms of security and can be very effective if managed properly. However, when passwords do not follow basic security standards they can become a system vulnerability.
Easy Passwords: A basic example of human error is the choice of an easy or generic password (12345). These make them very easy to guess and open the door to attacks.
Sharing passwords: Having multiple employees share the same password for an account that contains personal information is a recipe for disaster because it exponentially increases the chances of it ending up in the wrong hands.
2. Avoiding data protection
The daily routine of a person who works on a daily basis with personal data can lead to error due to lack of interest or lack of awareness. Some of the most frequent errors are:
Sending data by email: sending a collective email to several clients with addresses visible to all is a common example of carelessness.
Data Erase: Disk space problems can lead a person to erase information that may be very important and need to be preserved (for example, patient information).
3. Use of software
In many cases, speed and practicality prevail before safety procedures. When we talk about data management software, this can bring problems:
Not to install new updates: by not taking the time to download files, install and restart, we prefer to keep an old version of a software that probably contains vulnerabilities that the new version has corrected.
Disable security options: In many cases, security alerts and options are considered cumbersome and deactivated with the consequent increased risk of making a mistake.
4. Little safety awareness
The easiest gateway for introducing malware into a system is from within, relying on the involuntary collaboration of an employee. Lack of awareness or even ignorance of threats such as phishing can make the job very easy for those who try to get personal data fraudulently.
Follow suspicious links in emails: the gateway to hacking accounts and practices as harmful as ransomware.
Use of unauthorized software: downloading unauthorized programs on a computer opens doors to unauthorized access to data stored in the system.
5. Inefficient data access management
Control the access to sensitive data in a basic common cyber security mistakes. However, many organizations do not pay attention to permissions and extend access permissions to everything by default. Something that causes different vulnerabilities:
Too many privileges: employees have access to personal data they do not really need. This increases the risk of leaks.
Perform modifications and erasure of data: an employee who has too many user privileges may end up using them by accident to modify the security preferences of a system or to erase data by compromising the integrity of the data.