If you think shady criminal cartels, blackmail attempts or straight-up hacking geniuses are the biggest danger to any data held about you online, then we have news for you – plain old human error accounts for far and away the most data breaches.
New research has revealed that human error continues to be the leading cause of data loss for organisations in the UK.
The Databarracks report, which was based on a survey of 400 senior IT workers, revealed that 24 per cent of organisations admitted to a data loss caused by employee accidents in the last 12 months, ahead of hardware failure (21 per cent) and data corruption (19 per cent).
This report comes hot on the heels of data released by the Information Commissioner’s Office earlier this year, which showed that 93 per cent of the 459 data breaches reported to the office in Q4 of 2014/15 could be put down to human error in some way.
It also follows a serious data breach by a London health clinic earlier this month which saw the email addresses of hundreds of patients, many of whom are living with HIV, accidentally sent out publicly to all recipients of a clinic newsletter.
Oscar Arean, technical operations manager at Databarracks, said: “Human error has consistently been the biggest area of concern for organisations when it comes to data loss. People will always be your weakest link, but having said that, there is a lot that businesses could be doing to prevent it, so we’d expect this figure to be lower.”
Interestingly, the Databarracks results weren’t fully consistent across all business sizes: a breakdown revealed that in large companies hardware failure led to most data loss, accounting for 31 per cent of all cases, up from 29 per cent in 2014.
Arean said: “This isn’t surprising as most large organisations will have more stringent user policies in place to limit the amount of damage individuals can cause.”
Arean goes on to suggest that SMEs should adopt more of a big business ethos when it comes to managing human error:
“The figures we’re seeing this year for data loss due to human error are too high (16 per cent of small businesses and 31 per cent of medium businesses), especially considering how avoidable it is with proper management. I think a lot of SMEs fall into the trap of thinking their teams aren’t big enough to warrant proper data security and management policies, but I would disagree with that.
“In large organisations, managers can lock down user permissions to limit the access they have to certain data or the actions they’re able to take – this limits the amount of damage they’re able to cause. In smaller organisations, there isn’t always the available resource to do this and often users are accountable for far more within their roles. That is absolutely fine, but there need to be processes in place to manage the risks that come with that responsibility.
“Of course small organisations don’t need an extensive policy on the same scale that a large enterprise would, but their employees need to be properly educated on best practice for handling data and the consequences of their actions on the business as a whole. There should be clear guidelines for them to follow.”
So what does this mean for us and our data? While in an ideal world the individual would be at the centre of their own connected life in full control of their own data, it is unrealistic in our current world to hold all our data close to our chests when so many end users have or demand access to it.
So is it safe out there in the big, bad world? Yes, largely speaking. The benefits to us, in areas such as health, of having our details instantly available to all medical services certainly outweigh the chances of being subject to a damaging data breach.
But it is certainly a sobering thought that, no matter how thorough the legislation governing data handling and the individual company policies in place, just one simple, human mistake can be enough to bring all that crashing down.