Leveraging Technology to Mitigate Risk Part #2: What You Don't Know Can Hurt You

July 30, 2018
Part 2 of our blog series discusses how a lack of understanding about your organization’s technology policies is a problem waiting to happen. 
Technology provides a powerful platform allowing organizations to innovate at a rapid rate. Technology is so entrenched in our work lives that we take for granted how things like email services, smartphones, video chatting, and computers have revolutionized the business world. However, because technology progresses and changes so quickly, it has also made organizations vulnerable to risks like cyber-attacks and data breaches, putting their clients’ privacy in jeopardy. Over the next few weeks, our blog will cover some of the top ways you and your organization can protect yourselves from the increased risk associated with the daily use of technology.
What You Don’t Know CAN Hurt You
Ignorance of your organization’s technology policies and procedures is not an excuse for putting your work data at risk. More importantly, ignorance is not defensible in court. A 2017 study by IBM and the Ponemon Institute found that in the United States, 24% of data breaches are caused by human error or negligence, and will cost the company about $126 per record compromised. Enough risk comes from criminal cyber attacks; do not allow poor training of employees to add to that risk. 
How do these human error breaches happen? A 2009 study titled “How Significant is Human Error as a Cause of Privacy Breaches?” found that human errors can be classified into two categories: slips and mistakes. The study defines a slip as an “incorrect execution of a correct action sequence”—or an execution failure. Mistakes are defined as a “correct execution of an incorrect action sequence”—or a planning failure.
Examples of slips include: 
  • Not recording a customer’s opt-out information and releasing their information as a result 
  • Downloading classified information on a public computer
  • Mailing sensitive information to the wrong client 
Examples of mistakes include:
  • Weak passwords
  • An employee accidentally releasing classified information because they were unaware of what constituted classified data
  • Loss or theft of an unprotected or un-encrypted item containing sensitive data
It is important to note that both slips and mistakes are intentional but non-malicious—the employee thinks they are doing the correct action; they just do not realize they are making an error. The importance of proper training should not be overlooked. According to the 2009 study, a thorough education that clarifies organizational technology policies and procedures would significantly reduce the number of slips, and—in theory—completely eliminate mistakes, which consistently outnumber slips.
Being an organization with a corporate culture that fosters and values security pays off. Effective employee training—from CEO to summer intern—can reduce the average cost per breached record from $141 to $128.50.  This savings of $12.50 per record is significant, considering the average total cost of a data breach is $3.62 million and the average size of a data breach is 24,089 compromised records.
Organizations that appoint incident response teams and use extensive encryption can expect to see even more savings. Incident response teams reduce the cost per compromised record from $141 to $121.70, and extensive use of encryption reduces the cost from $141 to $124.90. Other ways to reduce the risk and cost of data breaches include hiring knowledgeable IT staff, following retention policies, and using threat intelligence sharing platforms.
Regardless of what practices your organization chooses to enact, it is of the utmost importance that the entire organization is committed to staying educated and to following data security practices.