People: the weakest link

Editorial Type: Opinion Date: 08-2020 Views: 845 Tags: Storage, Research, Disaster Recovery, Business Continuity, Management, StorageCraft PDF Version:
Florian Malecki of StorageCraft warns that organisations need to beware 'the vulnerability from within': human error

While cyber threats continue to be a massive drain on business productivity, there is another, less obvious vulnerability: unintentional employee error. Indeed, a majority of businesses say that simple human error is their leading cause of data loss, according to a survey from StorageCraft.

Among survey respondents, 61% reported that their company had suffered a data loss over the last two years. More striking is that 67% said human error - everyday mistakes made by employees - was the primary reason for data loss and system outages. Human error, for example, weak passwords and "dirty" work environments, can be the pathway to security hacks and have potential to wreak havoc far greater than that of a third party with malicious intent.

It can be as simple as an employee misplacing a spreadsheet or spilling coffee on their laptop. It could be someone who accidentally deletes a critical file or an entire database of critical information. Then there are the real-life oddities such as dropping a laptop! These seemingly small incidents can add up and potentially cripple a business.

A few years ago, software company Gliffy experienced a nightmare scenario when one of its employees pressed the wrong key and deleted the company's entire production database. The same thing happened to GitLab a few years back, resulting in a major service outage.

Perhaps the most famous data-deletion story involved Pixar during the production of Toy Story 2. One of the movie's animators accidentally entered a delete command, resulting in a cascade of errors that erased 90% of the production files. To make matters worse, the data-backup system failed to work properly due to inadequate disk space. For a brief moment, there were fears that the entire production would have to be scrapped. It was only a Herculean effort by the technical crew that saved the film.

The data-loss problem could become even more prevalent in the current and post-COVID world, as millions of people work remotely. Moving employees, their computers, and data from a secure office environment to a less-secure home environment presents a range of unintentional data-loss risks.

The reality is that employees will continue to make mistakes, they're only human, after all. Here are three ways that organisations can protect themselves against catastrophic data loss caused by human error:

  • Promote good data backup habits. With so many employees working remotely, it's harder for organisations to manage backups and store data on the corporate network. Encourage employees to be responsible and back up their data regularly. If they store data on a local flash drive inserted into their laptop, they should back it up to the cloud or another hard drive. If employees store their data primarily in the cloud, they should be sure to have another copy offline.
  • Encourage stringent cyber hygiene. All employees, especially those working remotely, need to be reminded to update the software on their devices and enable all available security features, such as firewalls and anti-malware. Failing to install updated software and security patches is a well-known employee misstep that creates gaps for malware and ransomware to seize on.
  • Limit the number of files employees can access. Employees should only be able to access data and folders based on the principle of 'least privilege'. This gives employees enough access to perform their required jobs but prevents them from accidentally deleting or corrupting files they shouldn't have had access to in the first place, meaning the risk caused by human error is significantly reduced.

A business' weakest link may well be the 'danger within', albeit unintentional. With the right strategies and processes in place, businesses can limit data loss when employees inevitably make mistakes.

More info: