IT News

3 Ways To Reduce Human Error From Becoming a Cybersecurity Issue | BC Tech Support

Managed IT, Security | May 29, 2021

Exactly how many data breaches and hacks are down to human error is open to debate. At least, that what it seems! While researching this blog post, we found one article that said 23%. Another in the Wall Street Journal placed it at 95%!

It probably depends on how you define human error. An obvious example is an employee leaves a company laptop in a car, which then gets stolen. Or a document sent to mis-typed email address. When you really think about all the ways in which your data can be hacked or breached, human error is almost always partly involved! The method of backdoor-code-hacking that you see in the movies just does not happen as often as you think. That is way too much effort for the modern hacker. Why spend hours trying to break through firewalls when a simple phishing email, in an employee inbox, can do the work for you from the inside?

Whatever that statistical number is, and however you define human error as a cause, the fact is that the biggest threat to your data is probably the person sitting at the desk! So, what can you do to limit that human error threat?

Training helps prevent Human Error!

The biggest (and best) prevention tool is training. How can you expect employees to recognize threats if they are not taught? If they use tech, cybersecurity training is as important as the training they need to do their job. According to a 2019 report, SMBs were most frequently affected because of inappropriate IT resource use by employees. The next highest cause came from malware infection of company owned devices.

Good cybersecurity training includes (but is not limited to!):

  • Good password practices (how to think of good passwords, how to store them, regular refreshing of passwords etc)
  • How to spot phishing threats in emails
  • Safe surfing practices (using sites with HTTPS rather than HTTP etc)
  • Appropriate use of company devices (e.g. not lending them to family members, not using them for personal tasks, safe storage when not in use etc)

Also, businesses can help prevent human error by offering refresher courses with updated threat education, once or twice a year. Yes, training takes time. Yes, training costs money. However, NOT training can cost you a LOT more!

Perform Regular Updates!

SMBs with outdated technology can lose up to 54% more money when they suffer a data breach, compared to companies who update their IT. Old and unpatched software is a big problem and yet 44% of North American organizations use it in their operations!

So, why aren’t these companies updating their software? Well, it is often down to that human element again! Too often users are ignoring or delaying their device’s pleas for an update. The biggest reason is time. They are either too busy when they received the update notification, or do not want to stop what they are doing at the time.

Human error played a huge part in one of the biggest hacks to hit the headlines. The huge Equifax breach, a few years ago, could have been avoided. Apparently, employees were told about a potential vulnerability and given 48 hours to patch it. They did not. 2 months later, hackers spotted the vulnerability and the hack took place!

Automated updates are a good way to go but allocating someone (reliable!) to make sure the updates are regularly run on all company devices is even better. (Along with adding the importance of updates to that training we talked about!)

Limit Sensitive Data Access

According to a Varonis report, employees in almost 2/3 of companies have access to over 1000 sensitive files! In fact, a financial services employee can have access to 11 million files! Now, when we say “have access to”, we mean complete access. Unrestricted access. Freedom to open, copy, change and delete that precious data.

It is easier than you think to limit access to those sensitive files from people who really don’t need them. Limiting drive access and document password protections are the easiest to start.

Need Help preventing Human Error?

If you are concerned about your business’ cyber-security vulnerability, we can help! Call us on 604-210-9811 or email

Request Consult

    Please fill in all the required fields marked by an orange asterisk.