World Backup Day 2024 has passed, but the frightening probability of data loss is still very much there. According to Statista, during the fourth quarter of 2023, over eight million records were compromised due to data breaches globally. It shouldn’t be unclear to any organisation—the question isn’t if, but when.
Verizon’s 2024 Data Breach Investigations Report states that the “Human Element” is responsible for an astounding 74% of breaches. These security lapses result from a variety of human errors, including devious social engineering schemes, unintentional mistakes, and improper use of confidential data.
And the above percentage has remained consistent with the 2023 data, suggesting that the human element remains a steady risk concern. However, reporting practices have improved this year, with 20% of the surveyed individuals recognising phishing in simulated exercises. Some 11% of individuals who clicked a malicious email reported it.
A dire picture is painted by IBM’s 2023 Cost of a Data Breach Report, which shows that data breach costs have reached an all-time high of $4.45 million on average in 2023. The ramifications are complex. Data breaches cause irreversible harm to a company’s reputation, undermining customer trust and drawing regulatory attention, in addition to complicated legal issues and large fines. This is a nightmare situation for any business.
Most likely, we’ve made mistakes that lead to data loss: losing or erasing files, sending the wrong person an email, leaving computers open while getting coffee, inadvertently providing information to unsolicited enquiries, and so on.
This article will explore the top five data management mistakes made by people that lead to data loss and what businesses can do to prevent them.
Ignoring updates and patches
The convenience of technology can lead people to become complacent about keeping their software up to date. This lackadaisical approach can have serious consequences, as failing to install updates leaves systems vulnerable to security breaches. Neglecting software maintenance can give hackers an easy opportunity to exploit weaknesses. Without proper backups, recovering lost data can be extremely difficult.
Organisations can strengthen their defences and vaccinate themselves against potential threats by maintaining software at all times and taking a proactive approach to maintenance.
Poorly managed high-privileged accounts
According to the Netwrix 2018 IT Risks Report, only 38% of organisations update admin passwords quarterly, with the rest doing so annually or less frequently. This lack of regular updates leaves accounts with high privileges vulnerable to attacks, as malicious actors can exploit compromised credentials to gain access to sensitive company data.
Implementing the least-privilege principle for all accounts and systems can help prevent unauthorised access and minimise the impact of security breaches such as accidental deletions or ransomware attacks. Monitoring temporary privileges in real-time, using separate administrative and employee accounts, upgrading email security, and implementing two-factor authentication are additional measures organisations can take to enhance cybersecurity.
Inadequate password practices
According to LastPass’s Psychology of Passwords Report, 59% of users use the same password for all of their accounts, increasing the possibility of credential compromise. Certain users continue to use passwords that are simple to decipher, like “password” or “123456.” Even strong passwords can be compromised, particularly if they are shared with colleagues or kept on unprotected devices or documents.
IT professionals are not immune to human error either. According to The 2020 State of Password and Authentication Security Behaviours Report by The Ponemon Institute, 42% of organisations use sticky notes for password management, and 53% of respondents use email to share passwords with coworkers in Bitwarden’s 2022 Password Decisions Survey. Even more concerning: according to Keeper Security’s Workplace Password Malpractice Report 2021, 44% of employees claim to use the same login information for both personal and professional accounts.
In addition to employing a password manager and changing passwords on a regular basis, staff members ought to receive training so they can be aware of the repercussions of weak password security. Reminders about security should be incorporated into login procedures by organisations.
Allowing unauthorised access to company-issued devices
There are many new security risks brought about by the blending of personal and professional domains. According to Statista, up to 20% of UK workers permitted friends and family to use company-issued devices in 2021. Although it might seem harmless to let someone quickly check their email, doing so puts sensitive data at risk of malware incursions. Friends and family are unlikely to purposefully snoop for private information, but they could unintentionally download malware that gives access to cloud storage, business data, and applications.
Companies need to set up explicit guidelines for using devices. For employees who work remotely or are on the go and need access to confidential company information, Kingston Technology’s encrypted USB drives and SSDs are an excellent option. The essential security features for every device should be installed, such as screen locks, two-factor authentication, application blacklisting, and remote wiping programmes.
Succumbing to phishing/social engineering attacks
Studies show that 98% of cyberattacks use social engineering and phishing techniques. These attacks are widespread. Hackers frequently use false emails to trick people into clicking on malicious links or opening infected attachments, which can lead to the disclosure of private information or the download of malware.
For instance, a notification to view a file shared by a colleague or reset a password. These attacks have the potential to permanently destroy data if they are used to spread ransomware or other forms of malware. Many people continue to fall prey to these threats despite increased awareness of them because they lack cybersecurity training and caution.
It’s critical to give staff members regular, continuing education. While there is no way to completely prevent unintentional data loss, the risk can be significantly reduced by creating and routinely testing an extensive business continuity plan.
India: The epicentre for data breach?
As per a cybersecurity report by Surfshark, India ranked 10th globally in Q3 2023 with 369,000 compromised accounts. It remained among the most compromised nations globally, even though the quantity of compromised accounts declined, for the third consecutive quarter in 2023.
After China and Malaysia, India ranked third in Asia for the number of accounts that were compromised during the third quarter. According to the report, 31.5% of all accounts worldwide had their security compromised; the United States ranked highest, accounting for 26% of all breaches that occurred between July and September. China, Mexico, and France are in order of precedence, with Russia in second place.
According to the most recent Surfshark data, India ranked higher in Q3 of 2023 than in Q2 of 2023 for data breaches. India’s breach rate decreased by 74%, propelling the country from seventh to 10th place in the world rankings. This corresponds to a decrease in compromised accounts from 11.4 million in Q2 to 369,000 in Q3.
During an interaction with Business Today, Agneska Sablovskaja, Lead Researcher at Surfshark, said, “The third quarter of 2023 shows a general decrease in data breach count. Yet every minute, over 240 online accounts were compromised globally, exposing sensitive information to malicious actors. We recommend a vigilant approach by maintaining accounts only on actively used platforms and implementing two-factor authentication for enhanced security.”
Data breaches in Europe fell four times in Q3 2023, from 48.1 million in Q2 of 2023 to 10.9 million in Q3 of 2023. To put this into perspective, one in 2.9 accounts compromised in Q3 2023 came from Europe, with Russia accounting for 65% of these breaches.
The study found that an additional 12% of the accounts came from Asia (3.8 million). Less than 8% of the total for the quarter came from any other region, and nearly 15% is still unidentified. Oceania saw the biggest quarter-over-quarter decline of any region, down 91%, from 3.3 million compromised accounts in Q2 2023 to 289.6000 in Q3 2023.
All in all, in today’s digital world, data loss is not just a technical issue, but a very human one. Mistakes happen, and businesses need to be ready for the unfortunate reality of data loss caused by human error. With the increase in ransomware attacks, regular backups are crucial in preventing permanent data loss. Employee training and stricter access controls also play a key role in protecting data.
Hardware-encrypted solutions provide stronger data protection compared to software-based options, ensuring essential files are safeguarded. By acknowledging the impact of human behaviour on vulnerabilities and implementing proactive security measures, organisations can better prepare for potential data loss incidents.