Data and human errors: Where does it go wrong?

People make a mistake every 200-20,000 actions. So when humans play a role in a system, they are very likely to make mistakes: writing ‘2017’ when it should be ‘2018’, for instance, forgetting their keys, or calling somebody by the wrong name. These things happen; after all, you cannot make an omelette without breaking eggs.

Most people spend a large part of their time at work. Since 93% of Dutch people use the internet and email at work, it is no surprise that many mistakes occur in this area. We will discuss the top three errors that cause data breaches.


Error 1: wrong recipient / wrong content (47% of all data breaches)

All-time high: sending or delivering personal data to the wrong recipient. We have all done it: sending an email to the wrong person.
You want to send something to Rick and you start typing “Ric”. Your mail application completes the name, and you press “send”. Then you suddenly see, to your horror, that the message was sent to Richard Jones, instead of Rick Johnson!
Or you accidentally attach the wrong file to your message and send it. It happens within a few seconds, but if the message contains personal data, this is really a data breach. The impact can be enormous, causing reputational damage to your organisation or resulting in an annoying fine. And the people whose data you sent may become the victims of identity theft.


Error 2: lost data carrier (23% of all data breaches)

Another type of error that occurs quite often: a data breach caused by the loss or theft of a device, data carrier and/or paper. A ‘data carrier’ is probably a word you do not use very often, but think of your laptop that is stolen from your car, for instance, or a DVD or USB flash drive that got lost. Lost (or opened and returned) letters or parcels are the most common errors in this category. This is the cause of 9% of all data breaches. This type of error is easy to avoid: stop using data carriers, and send large files digitally. However, make sure the data reaches the right recipient.


Error 3: hacking, phishing and/or malware (6% of all data breaches)

This type of error occurs a lot less often than you would think, even though it is a broad category. Hacking means that an unauthorised party deliberately intercepts information. Phishing means, for instance, that a user clicks on a link and picks up malware. Contamination often occurs through infected files, such as mail attachments, or via online advertisements that exploit a vulnerability in outdated software.
Employees causing these types of data breaches are often not well-informed about the dangers. However, the impact of infected network drives or cloud storage is significant. Education and awareness will help prevent this type of data breach. In case mailboxes are hacked, we advise opting for a solution that ensures that access can be remotely revoked if necessary. Interception of messages can be prevented by means of encryption and TLS.

Having read the above, you understand that preventing data breaches takes more than good encryption. If you do not take the human factor into account, you are just wasting time and effort. Particularly since humans play such an important role in the start of data breaches, it is essential that they are aware of the presence of sensitive data and the risks involved. But how do you ensure that this subject becomes a reality for your colleagues? How do you create a permanent focus on privacy in your organisation? Read about it in our e-book Create awareness on privacy and the GDPR.

