The role of human error in cyber security breaches

Posted on 28/11/2019


Over 90% of successful network breaches are caused by human error, whilst recent reports suggest 95% of attacks could have been prevented with basic cyber hygiene. These scary statistics reinforce the importance of implementing user awareness training as part of your wider cyber security strategy.

From phishing scams to poor password practices, find out more about the role employees play in cyber security breaches. More importantly, discover how your business can mitigate these risks, and ensure fewer cyber security breaches occur as a result.

Phishing scams

Phishing is an online scam, generally carried out over email, that aims to obtain sensitive information such as usernames, passwords and financial details. Hence the name: criminals are ‘fishing’ for users’ personal information.

The hoax email received will generally contain a link to a website, where the user will be prompted to provide their sensitive information.

The scary thing about phishing scams, and why so many people fall victim to them, is that both the email and website the user is directed to look extremely legitimate. However, there are some clues that indicate an email is most likely a scam:

  • The email does not display the recipient’s name, and instead displays “Dear Customer”.
  • The email is from a public domain such as @gmail.com, rather than the company domain.
  • The email is poorly written and has grammatical errors.
  • The content has a sense of urgency, prompting the user to “act now”.
  • The email does not line up with the actions you have taken. Use logic – for example, have you actually attempted to reset your password?

That being said, phishing scams are becoming harder to spot, with many malicious emails looking exactly like the real deal.
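The clues from the list that can be checked mechanically (generic greeting, public sender domain, urgent wording) are shown here as an added example that is not part of the original post: a Python triage check run over two constructed messages. The domain list, phrase patterns and the names `plain_text` and `phishing_clues` are assumptions; a well-made phishing email can match none of them, so a clean result is not proof of legitimacy.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed lists for illustration; tune them for your own organisation.
PUBLIC_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
GENERIC_GREETING = re.compile(
    r"^\s*dear\s+(customer|user|client|member)\b", re.I | re.M)
URGENCY = re.compile(
    r"\b(act now|urgent|immediately|account will be suspended)\b", re.I)

def plain_text(msg):
    """Join the text/plain parts of a parsed message into one string."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(data.decode(charset, "replace"))
    return "\n".join(chunks)

def phishing_clues(raw_message, recipient_name):
    """Return which of the article's clues a raw email message matches."""
    msg = message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    sender_domain = address.rpartition("@")[2].lower()
    body = plain_text(msg)
    clues = []
    # Clue: generic greeting, and the recipient's name appears nowhere.
    if GENERIC_GREETING.search(body) and recipient_name.lower() not in body.lower():
        clues.append("generic greeting")
    # Clue: sent from a public webmail domain rather than a company domain.
    if sender_domain in PUBLIC_DOMAINS:
        clues.append("public sender domain")
    # Clue: wording that pushes the reader to act straight away.
    if URGENCY.search(body):
        clues.append("urgency")
    return clues

# Constructed sample messages (not real traffic).
SAMPLE_PHISH = """From: "Example Bank Support" <examplebank.support@gmail.com>
To: alex.morgan@example.org
Subject: Password reset required

Dear Customer,

We detected unusual activity. Act now to reset your password.
http://example.invalid/reset
"""

SAMPLE_LEGIT = """From: "IT Service Desk" <servicedesk@example.org>
To: alex.morgan@example.org
Subject: Scheduled maintenance

Hi Alex,

The file server will be offline on Saturday morning for maintenance.
"""

if __name__ == "__main__":
    print(phishing_clues(SAMPLE_PHISH, "Alex"))
    print(phishing_clues(SAMPLE_LEGIT, "Alex"))
```

The remaining clues, poor grammar and whether the email matches something the user actually did, still need a human reader.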

With 70% of end-users less likely to fall for a phishing scam after 12 months of training, organisations must take action to ensure employees are educated enough to effectively respond to such attacks. Performing phishing simulation tests can identify how your users respond to phishing attacks and will help address areas where they need more support.

Mis-delivery

A mis-delivery is the act of mistakenly sending an email to the wrong recipient. With artificial intelligence and auto-suggest becoming more and more commonplace within email, it is easier than ever to send an email to the wrong person. In fact, mis-delivery is the fourth most frequent action that results in a data breach.

To help reduce the likelihood of mis-delivery, we would advise employing a pop-up box that reminds users to double-check the recipients. We can also help you to implement a data loss prevention (DLP) solution, for example, restricting sensitive data from being sent to email addresses outside of an organisation’s corporate network. Features such as secure file send can also help you ensure sensitive data is transmitted safely.

Poor password practices

Shockingly, more than 80% of users recycle the same password across all of their accounts. In addition to this, many people still use obvious and easy-to-crack passwords such as ‘123456’, fail to regularly update passwords and store them incorrectly – either keeping them in an unprotected document on their PC or written on a post-it note near the device itself.

Once a scammer has acquired access to one account, if the same password is used across other accounts, they will have access to a wealth of sensitive information.

To help combat this, employees should be fully trained on proper password practices, and where necessary prompted to change their passwords regularly.

We also strongly recommend implementing Multi-Factor Authentication (MFA) across accounts and applications with access to business information. MFA requires an additional element, such as a thumbprint or unique code, to validate a login request, increasing security and making it one step harder for hackers to access your data.

Account permissions

More often than not, admin permissions on business applications and accounts are granted to people who do not require them. This makes the misuse of privileges more commonplace, whether accidental or deliberate.

To help control this, there should be a stricter account management process in place to limit elevated privileges to only those who require them, providing users only with the permission levels they need to adequately carry out their role.

Unauthorised users having access to corporate devices

Within many job roles there is now the flexibility to work from home, meaning devices are being taken out of the workplace.

With this, workers are increasingly allowing their friends and family to use their corporate devices. This means unauthorised users could have access to potentially sensitive data, commit a security breach or download malware onto the device.

Having MFA in place on business applications will help prevent unauthorised access, and ensuring employees are educated on the risk of allowing friends and family access to their corporate devices is an effective way to combat this.

What if the worst happens?

Even if you apply all of the good practice we’ve mentioned above, unfortunately, cyber attacks and data breaches can still occur. What do you do in this case? We offer incident response services, purposefully designed to detect, manage and alleviate potential or already occurring cyber attacks and breaches, allowing you to resume normal service as quickly as possible. Ensure that your business is fully prepared to effectively respond to and manage an attack with our support.

The best way to recognise and reduce the role human error plays in security breaches is to educate employees. Our structured cyber awareness training programme is delivered online and provides continuous learning for staff to build a security-conscious culture.

Find out more about how you can reduce your risk of data compromise by getting in touch with our team of experts today.
