In an ideal world, your employees would never make mistakes. They’d perform each task meticulously and thoroughly, double-checking everything before moving forward.
No Slack chat would ever get sent to the wrong person, no files would be sent to clients with typos, no private information would be written in a public GitHub repository, and no one would ever forget about your corporate security policy not to access company files on their own devices.
But we don’t live in an ideal world. Employees can – and will – make mistakes at some point or another. Accepting this is crucial. If you bury your head in the sand about employee errors, you’re way more likely to suffer a data breach. In fact, research estimates that employee mistakes primarily cause 95% of cyber security breaches.
It’s not necessarily that your employees are slapdash either. While you might find the occasional employee is a bit careless, most are doing their best. It’s just that work can be, well, stressful – and working from home hasn’t necessarily helped things.
Let’s look at the stats:
- 52% of employees make more errors when they’re stressed
- 43% have made mistakes with security repercussions, such as clicking a phishing email
- 75% have struggled at work due to anxiety caused by the COVID-19 pandemic
- 69% of employees working from home report burnout symptoms
- 59% of people working from home take less time off to decompress than before.
- On average, remote workers have worked an extra 26 hours more every month since the pandemic
This isn’t an HR article, but we want to address the link between employee stress and data loss.
Tired, flustered employees are more likely to make mistakes. And these mistakes can lead to data breaches, data leaks and, you guessed it, hefty compliance fines.
Below, we’ll look at the most common mistakes employees make that lead to data breaches, and what you can do to prevent them.
Misdelivery
Verizon’s renowned Data Breach Investigations Report has, time and time again, found that misdelivery of sensitive data is the most common type of human error.
Misdelivery occurs when a member of staff sends PHI or PII to the wrong recipient via email or communications channel. When this happens, it is considered a data breach.
Because so many people are now working from home, the chances of misdelivery are higher than ever. Employees are rarely in the same office anymore, so they have to communicate over email and collaboration tools. Plus, many are suffering from notification overload. Between Teams, Slack, email and their phones, it’s easy for employees to get overwhelmed and inadvertently share data with the wrong person.
Misconfigurations
Research indicates that cloud misconfigurations were the number one cause of data breaches in 2021. A cloud misconfiguration occurs when an employee fails to implement the proper controls and access permissions for a cloud environment.
Cloud misconfiguration errors are easy to make. The cloud can be a daunting place for non-security folk. There are an overwhelming amount of settings, policies, widgets and services that can be difficult to manage – especially as cloud providers often upgrade and edit their offerings.
Because of this, by 2025, Gartner predicts 99% of cloud security breaches will be caused by misconfigurations.
Shadow IT
There’s a SaaS tool for everything these days and, often, these tools are free. All you need is an internet connection, email address and a password, and you can sign up for a cloud service. Sure, these services can be excellent for employee productivity – but they’re also a data security risk.
The IT team cannot protect what it doesn’t know about. Unfortunately, though, many employees (80%) are using unsanctioned apps while working from home – and uploading sensitive data to them.
Unauthorized BYOD
One of the best things about the cloud is its flexibility. Employees can access cloud services anytime, anywhere from any device. However, this ease of use also has its drawbacks. With so many employees accessing data from all over the place, it’s hard for system administrators to keep track.
Who’s to say that employees aren’t downloading confidential files onto their personal devices, and then sharing these files with unauthorized users? It’s no wonder that 84% of IT leaders find that data loss prevention is more challenging with a remote workforce.
The repercussions
Any of the above scenarios could quickly result in an accidental data breach. The thing is, regulators for HIPAA, GDPR and CCPA don’t care whether a data breach happened because of an accident or a cyber-criminal. If data has been mishandled, you will get fined.
To that end, you need a way to tackle ‘the human element’ of cybersecurity. While you can’t prevent people from making mistakes, you can implement solutions to catch these mistakes before they cause a data breach.
Data loss prevention can help reduce this risk.
How cloud-based DLP can secure remote work
Cloud-based DLP works by discovering and protecting sensitive data to ensure it is only accessed and edited by authorized users. Using APIs, cloud DLP solutions like ours effortlessly integrate into the cloud and begin scanning for sensitive data.
Our solution can discover both structured and unstructured data in the cloud – meaning it can find sensitive information in documents, chats, databases and more.
Once identified, our solution uses automation and a self-learning engine to take the most sensible, secure steps to safeguard your data as users access it. Actions include redaction, quarantine, blocking and alerting, depending on the threat in question.
As an example, say one of your employees attempts to share sensitive data links from the cloud with their personal account. Our solution would automatically redact sensitive data from the document or terminate the share to prevent a data breach, while creating an automatic record of the incident for compliance and auditing purposes.
At the same time, we also offer in-app ‘nudges’ – a user behavior element that lets employees know that their behavior would have violated security policies. This way, not only do we protect sensitive data, but we reduce the likelihood of employees making the same mistakes in the future – by helping them keep security front of mind.
Ultimately, as people work from home, mistakes will happen – but errors don’t need to result in a data breach. Using a cloud-based, data-centric security solution helps you keep data safe as employees work from home and in the cloud.