Most organizations are taking a good, hard look at data security these days, following high-profile hacks in 2014, including iCloud, Sony and JPMorgan. Even the International Consumer Electronics Show (CES) in Las Vegas (held January 6-9, 2015) is hosting its first-ever Cyber Security Marketplace to showcase solutions to keep data and devices more secure.
However, even when businesses adopt these security solutions, the human factor is critical to closing the loop on keeping data safe.
JPMorgan is one example, where the human factor played a key role in its data breach. According to the New York Times: “Big corporations like JPMorgan spend millions — $250 million in the bank’s case — on computer security every year to guard against increasingly sophisticated attacks like the one on Sony Pictures. But the weak spot at JPMorgan appears to have been a very basic one…the computer breach at JPMorgan Chase this summer — the largest intrusion of an American bank to date — might have been thwarted if the bank had installed a simple security fix to an overlooked server in its vast network.”
In previous blogs, we have advised using two-factor authentication (2FA), which requires a second one-time password to gain access to a protected system. Most big banks, including JPMorgan, use it. But, according to the report, one specific example of human error was that “JPMorgan’s security team had apparently neglected to upgrade one of its network servers with the dual password scheme…That left the bank vulnerable to intrusion.”
JPMorgan is not alone when it comes to the human factor compromising security. 95% of IT security breaches are attributed to human error, according to a recently released report from IBM.
With the human factor so critical to preventing data breaches, it is important to put a clear, easy-to-adopt security protocol in place and clearly communicate expectations to employees. Below, we have listed several considerations and tips for shoring up your data security protocol:
1. Streamline your technology infrastructure – most small businesses no longer need a large infrastructure, and keeping one is not only an unnecessary cost but can also be an unnecessary risk, so get rid of any solutions you no longer need
2. Increase access to documentation, mapping out all your solutions and infrastructure and the employees who have access to them – these are potential points of access to data so it is important to keep track of all these “doors and windows” (you can see why streamlining your solutions will make this process easier)
3. Limit access to sensitive data to only those who need it so you limit the risk of human error
4. Commit to automatically generating strong passwords that are changed every six months and use two-factor authentication whenever possible (see Sinu blog for more detailed information on creating strong passwords)
With technology becoming more mobile and data more accessible, adopting a culture of security is critical for all organizations large and small…the sooner, the better!