We all make mistakes every day. Human error is hardwired into our existence and a universal leveler.
Yet while struggling with mistakes and failure might make for a great movie plot, human error is bad news for data security.
Given that every employee in your organization is fundamentally prone to messing up, when they handle, process, and share sensitive and privileged information, they’re also fundamentally prone to putting this data at risk.
According to our latest research, 84% of organizations have had a data breach caused by human error in the last 12 months.
So, why do mistakes keep happening?
Human error is widely defined as an unintentional action that causes unintended consequences.
Sometimes, these mistakes are decision-making errors that occur because of a lack of available knowledge. Essentially, the mistake maker didn’t know any better. Employees who haven’t received the right level of training or are new to an organization might be more likely to make mistakes this way, and they won’t know there’s a problem until it’s retroactively pointed out to them.
Decision-making errors can also happen because of the environment a person is in. If someone is tired or stressed, or working in a distracted environment, then they’re more likely to screw up and make the wrong choice. These individuals may “know better” when they’re able to think calmly or logically about a situation, but in the moment, they act on impulse and can make errors in judgment.
These types of errors typically happen when performing routine tasks — like sending emails — when attention is diverted elsewhere, for example, by delivery drivers at the door, a colleague waiting to speak to you, or rushing to get to the next part on the commute home.
Productivity enablers, like Microsoft Outlook autocomplete, can be more of a hindrance than a help too. When working quickly or when we’re distracted, we’re much less likely to notice a similar but incorrect name has been inserted instead of the intended recipient.
As before, the mistake maker is unlikely to know they’ve done something wrong until it’s brought to their attention – for example, by the wrong recipient replying or by checking the Sent Items folder because they haven’t received an expected response.
Skills-based errors can also creep into the “finer details” of a familiar activity. Again, email provides a good example of this. Someone might take time to craft an email message, getting the right tone, and checking spelling and grammar. Then when the “easier task” of adding recipients or attaching documents arrives, the person starts to mentally relax. With the end in sight, they move on to thinking about other things (usually the next thing in a long to-do list), and they don’t notice the wrong recipient or document has been added.
“84% of organizations have had a data breach caused by human error in the last 12 months.“
What impacts do mistakes have?
As Rachel’s story shows, it only takes an accidental email and a small like designed to buy you time, before your client loses trust in you. We hear lots of stories like Rachel’s. Sometimes it’s not the first mistake that causes a client to churn, but when repeat errors occur (and they’re going to – we’re only human!), your brand’s reputation is chipped away.
The cost isn’t all on the organization’s side. In our latest research, we asked IT leaders to list the most common outcomes for the individual involved.
- 33% said the employee was informally warned
- 23% said the employee was informally warned
- 18% selected formal disciplinary procedure
- And in 12% they were sued
In only 14% of organizations was there no outcome for the person who made the mistake.
What can we do to prevent mistakes?
People get hacked because phishing attacks are designed to exploit their vulnerabilities.
We can’t rely on people to detect mistakes.
While employees can have the best of intentions, we know it’s inevitable that they’ll do something wrong. When it comes to human error, training and awareness hits a ceiling pretty fast, while locking solutions down (such as removing Outlook autocomplete) only causes people to find even less secure workarounds.
With human layer security, however, it’s possible to turn this security vulnerability into your best defense. Advanced email data loss prevention (DLP) software utilizes intelligent technology like contextual machine learning and social graphing to understand how an individual user communicates using email. It’s able to identify when someone is behaving abnormally – such as adding the wrong recipient or document to an email – and alert the sender before the mistake is made.
At the end of the day, most employees are just trying to get their jobs done to support their organization’s goals, and everyone needs a safety net to prevent mistakes from happening.
Find out how Egress Prevent stops accidental data loss by email.