Human Error Fuels Most Breaches

Believe all you read in the press and you might be forgiven for thinking that hackers are poised to strike at any moment, however, human error remains the main cause of data breaches, according to the Information Commissioner's Office's own statistics.

A Freedom of Information request made by Egress Software Technologies shows that between the beginning of January and end of March this year there were 448 incidents of data breach or loss recorded by the ICO, with most incidents attributed to human error.

Of the 448 incidents, 74 were recorded as a loss or theft of paperwork, a further 74 were cases where data was posted or faxed to the wrong recipient and in 42 cases data was emailed to the incorrect recipient.

Unencrypted devices were either lost or stolen on 20 occasions in the first three months of the year, and 24 cases concerned insecure disposal of paperwork. Organisations failed to redact personal data 28 times during the period and a further 19 cases in total concerned either information uploaded to a webpage, verbal disclosure or insecure disposal of hardware.

In comparison, there were 39 cases of data breaches in the first quarter of 2016 stemming from insecure websites, which includes incidents of hacking. A further 128 data security breaches were recorded by the ICO during the period but were not categorised.

Egress Software chief executive Tony Pepper said: "The fact that so many breaches are caused by methods of working that are known as data breach pitfalls – such as faxing and posting sensitive information, or using plaintext email – should be a major concern for all organisations.

"Organisations need to begin gaining a holistic understanding of the information security measures they have in place."

"This begins with examining the nature of the data produced and handled by their staff, and using a classification tool to mandate how that it is treated. Next, they need to make sure that, when required, the data is released in the correct manner.

"Integration between classification policy and tools, such as email encryption and secure online collaboration, can ensure the correct protection and control is applied to the data when it is released from their environment – functionality obviously not available in more traditional ways of working," he said.

DataIQ: http://bit.ly/1WNwmxl

 

« Harvard Business School Wants To Know How To Win At Cybersecurity
Who’s Stealing The Money? SWIFT Tightens Security As A Fourth Bank Is Attacked. »

Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Cylance Smart Antivirus

Cylance Smart Antivirus

An antivirus that works smarter, not harder, from BlackBerry. Lightweight, non-intrusive protection powered by artificial intelligence. BUY NOW - LIMITED DISCOUNT OFFER.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

WEBINAR: Shifting Your Network Security Architecture To The Cloud

WEBINAR: Shifting Your Network Security Architecture To The Cloud

Thursday, July 8, 2021 - In this webinar, SANS and AWS Marketplace will discuss how to adapt network security architecture and control implementation to a cloud-based model.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Phoenix TS

Phoenix TS

Phoenix TS offers world-class management, computer, and IT security certification training courses.

European Data Protection Supervisor (EDPS)

European Data Protection Supervisor (EDPS)

The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good practice in the EU institutions and bodies.

mnemonic

mnemonic

mnemonic helps businesses manage their security risks, protect their data and defend against cyber threats.

Deutsche Cyber-Sicherheitsorganisation (DCSO)

Deutsche Cyber-Sicherheitsorganisation (DCSO)

DCSO is an IT security specialist with a focus in three areas - technology management, managed security services, security consulting and auditing.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

CyberNB

CyberNB

Canada's epicentre for cybersecurity. CyberNB is focused on cyber skills and workforce development, R&D, protecting our critical infrastructure, innovation and building a world class cyber ecosystem.

Security & Intelligence Agency (SOA)

Security & Intelligence Agency (SOA)

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

Wise-Mon

Wise-Mon

Wise-Mon is expert in its field of network monitoring and control. We give solutions to huge organizations with tens of thousands of ports, as well as small companies with one switch.