Ask most people what they believe to be the commonest source of data leaks, and the chances are they’ll point to sophisticated hacking malware, meticulously-constructed computer viruses, spyware, and phishing as the principal cause. While there’s little doubt that DDoS attacks and other such activities do contribute to leaks, the reality behind their seemingly commonplace occurrence is far more mundane.
That’s right – the majority of leaks are due to mistakes made by personnel within a company or business, rather than the result of malicious spyware from outsiders. Astonishingly, during the first quarter of 2020, 8,000 non-cyber related security incidents were reported to the ICO in the UK alone, suggesting that despite worries of a rise of malware attacks during the pandemic, the real danger lies in the prevalence of human error.
This compounds as soon as you take a closer look at the nature of those 8,000 incidents. Over a quarter of them came down to “data emailed to the incorrect recipient,” and accidentally granting unauthorised access to sensitive data made up another 6%, with the list going on to outline other potentially devastating mishaps.
There are many who have claimed that, since up to 40% of people work remotely now, the likelihood of mistakes happening outside of a regulated office environment will be on the rise. Whatever the reason for the source of data leaks, there’s no questioning the fact that such situations can have major repercussions for a company. Client trust can evaporate overnight as a result of data being lost or stolen, while a business’s reputation risks serious damage, and fines or penalties as a result of non-compliance can be significant.
Everyday Data Insecurity: Can it be Improved?
You don’t have to look far to see how data leaks and severe errors have become the standard in modern workplaces. We’ve all likely observed office procedures where insecure data-sharing methods are commonplace; from free file transfer services which offer very little as per security guarantees, to staff members tapping away on their personal email accounts in the workplace, to social media messengers – somehow – becoming a seemingly normal way to communicate with friends, colleagues, and almost everyone else, for that matter.
Another agonisingly common issue revolves around the continued use of weak passwords, which are either not updated and changed regularly, or not changed and updated at all. Two-factor authentication, while becoming more and more commonplace when it comes to online banking and logging into personal social media accounts, still isn’t regularly used where it is really needed to stop data leaking – namely when trying to authenticate recipients being sent sensitive data via email. Indeed, such an accessible security step could have stopped certain major leaks, such as that suffered by Equifax, which ended up seeing the personal data of 143 million users leaked to an imposter website.
There’s a real and urgent necessity for a simple, secure, and reliable solution for the issues of human error and general ignorance regarding data safekeeping. It’s fair to say that, in some sectors, people are waking up to the need for stronger vigilance and security surrounding the protection of information. Every aspect of your company’s activities requires meticulous care and attention, from taking into account the security risks involved with accepting payments to implementing current best practices when creating suitably strong passwords, and from two-factor authentication to simply double-checking recipient email authenticity.
Preventing Leaks Before Clicking ‘Send’
In order for an effective security solution to be developed, companies must consider the entirety of the journey that their internal and external communication takes, not only after the information is sent, but also during and before it is released. Indeed, the source of data leaks actually happens prior to transmission… something we should all be mindful of.
Principal source of data leaks
The key causes of data leaks include:
- Accidentally attaching files containing sensitive information
- Failing to use ‘Bcc’ and thus exposing recipient contact details
- Users simply being unaware of the sensitive nature of the data being shared
- Auto-complete accidents adding the wrong recipient in error
These kind of email errors call for the user-friendly technology solutions that bring together real-time data classification, raising user awareness, communication evaluations, and recipient contextualisation.
For example, real-time data classification would mean that the system would classify the information being shared while the email is being written (and would apply the same strategy to both the text of the email, and any attachments added). This kind of safety-driven technology, combined with a more security-minded company culture and widespread staff awareness, would potentially cut down a huge number of data leaks. While this might not stop the kind of data linked recently suffered by Virgin, which was seemingly caused by a database configuration error, it would certainly be a good place to begin.
An Exclusively Digital Communication Solution
One of the issues which the ICO’s security incident figures highlights is that so many companies – from small businesses to multinational organisations – continue to use fax and paper communication alongside digital solutions. If human error-driven data links are to be eradicated, then such increasingly archaic forms will need to be minimised as much as possible. It is, frankly, astonishing that most world governments, legal systems, and healthcare organisations continue to rely on fax machines and letters, despite widespread understanding of the risks they present.
It has been noted that, with the vast uptick in home and remote working initiated by the COVID-19 pandemic, many businesses have had to do away with faxing as a form of communication, simply because hardly anyone has a fax machine at home. While it is impossible to say whether or not this has had an impact on data leaks and the threat that they pose, it’s not hard to see how it presents a significant security improvement.
Secure email is the only high-speed and safe system we currently have at our disposal, by which personal information can be transmitted with peace of mind intact. By turning operations over exclusively to secure digital communication, and by insisting on secure file transfer tech and secure email networks, companies will be able to not only enormously improve their security, they’ll also cut costs and quicken communication by a significant degree.
This kind of decisive and absolute action, coupled with the fostering of a company culture that puts the protection of personal data first, is perhaps the only realistic and attainable solution for the danger that human error presents.
