Investment in a security infrastructure, with systems for protecting and monitoring environments, is essential. However, there is a much greater risk that needs to be mitigated: the user.
According to a study by Ernst & Young, about 90% of security breaches are the result of human error and 55% of companies do not see their protection as an integral part of their strategy.
Basic errors that users make through ignorance or negligence, and that compromise data, could easily be avoided through employee training. Human error can include opening an infected email, errors related to systems management, configuration errors or improper information exposure. The most common flaws are setting weak passwords, sending sensitive data through insecure means or sharing passwords. These are situations that allow breaches in the security of any organization. The problem has gained greater visibility in recent years because of increasing mobility and the use of smartphones and other mobile devices connected remotely to companies' information systems.
There are a few ways that companies can minimize information leakage:
The use of encryption and data masking solutions, password management, authentication and access rules reduces the possibility of error. Being able to avoid mistakes before they happen is the best strategy to ensure the defense of an organization.
Making people aware of security is also an important method for reducing the impact of human errors. It is therefore necessary to create strategies that support the execution of daily tasks, such as checklists, email campaigns (controlled phishing), standardized procedures and disciplinary measures.
Developing security tests is imperative, so that users become aware of their own weaknesses and companies can monitor the most fragile targets. Testing also allows organizations to train users with more specific and targeted content, and to develop specific actions according to the detected vulnerabilities.