3 simple steps to protect data from human error

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

While cyber threats continue to be a massive drain on business productivity, there is another, less obvious vulnerability: unintentional employee error. Indeed, a majority of businesses say that simple human error is their leading cause of data loss, according to a survey from StorageCraft.

Among survey respondents, 61 percent reported that their company had suffered a data loss over the last two years. More striking is that 67 percent of respondents said human error—everyday mistakes made by employees—was the primary reason for data loss and system outages. While human error, such as weak passwords and "dirty" work environments, can be the pathway to security hacks, it can also wreak havoc far greater than that of a third party with malicious intent.

It can be as simple as an employee misplacing a spreadsheet or spilling coffee on their laptop. It could be someone who accidentally deletes a critical file — or an entire database of mission-critical information. Then there are the real-life oddities such as dropping a laptop on the rail track, and forgetting that the backup VRX cassettes are on the car roof, driving off! These seemingly small incidents can add up and potentially cripple a business.

A few years ago, software company Gliffy experienced a nightmare scenario when one of its employees pressed the wrong key and deleted the company's entire production database. The same thing happened to GitLab a few years back, resulting in a major service outage.

Perhaps the most famous — and harrowing — data-deletion story involved Pixar during the production of Toy Story 2. One of the movie's animators accidentally entered a delete command, resulting in a cascade of errors that erased 90 percent of the production files. To make matters worse, the data-backup system failed to work properly due to inadequate disk space. For a brief moment, there were fears that the entire production would have to be scrapped. It was only a Herculean effort by the technical crew that saved the much-loved film.

The data-loss problem could become even more prevalent in the current and post-COVID world, as millions of people work remotely. Moving employees, their computers and their data from a secure office environment to a less-secure home environment present a wide range of unintentional data-loss risks.

The reality is that employees will continue to make mistakes. They're only human, after all. But here are three ways that organizations can protect themselves against catastrophic data loss resulting from human error.

#1: Promote good data-backup habits

With so many employees working remotely, it's harder for organizations to manage backups and store data on the corporate network. Encourage employees to be responsible and back up their data regularly. If they store data on a local flash drive inserted into their laptop, they should back it up to the cloud or another hard drive. If employees store their data primarily in the cloud, they should be sure to have another copy somewhere offline.

#2: Encourage stringent cyber hygiene

All employees, especially those working at home, need to be regularly reminded to update the software on their devices and to enable all available security features, such as firewalls and antimalware. Failing to install updated software and security patches is a well-known employee misstep that creates the gap for malware and ransomware to seize on.

#3: Limit the number of files employees can access

Employees should only be able to access data and folders based on the principle of "least privilege." This is the concept of only giving employees enough access to perform their required jobs. Least privilege can prevent workers from accidentally deleting or corrupting files they should never have had access to in the first place. Enforcing the least privilege can significantly reduce the risk caused by human error.

Your weakest link may well be the 'danger within,' albeit unintentional. With the right strategies and processes in place, you can limit data loss when your employees inevitably make mistakes.

Shridar Subramanian is vice president of marketing and product management at StorageCraft. He has more than 23 years of experience in information technology. Shridar joined StorageCraft with the acquisition of Exablox in January 2017. Prior to StorageCraft, Shridar was the VP of marketing at Virident Systems, a leading provider of PCI SSDs, and he also was the senior director of marketing at Monosphere Inc., a storage virtualization software company.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.