
Linked – Revealed: Human Error, Not Hackers, to Blame for Vast Majority of Data Breaches

These breaches don’t hit the news cycle in the same way, but they are a lot more common, and they’re just stupid, careless mistakes for the most part.

“Some 2,124 reports could be attributed to human error, compared to just 292 that were deliberate cyber incidents, Kroll said, with the most common types of incidents being confidential data being emailed to the incorrect recipient (447 incidents), loss or theft of paperwork (438) and data left in an insecure location (164).”

Let me just state that, IMHO, these will continue, and always be more frequent, for two reasons.

1. We’re human, mistakes will happen.
2. Hardly anyone has to deal with any consequences for the kinds of behaviors that lead to this.

Think about it: when was the last time someone outside of the government got fired for using Dropbox when they shouldn’t have? Or for keeping a copy of data that should have been deleted? For emailing data that should be encrypted? Printing confidential information and being careless with it?

Yeah, it may happen when it leads to a breach, but if they weren’t doing it to start with, the breach wouldn’t have happened. Remember, you get more of what you measure. Do we even measure whether people are following the proper policies and procedures as part of their normal evaluation process? If not, why would they take it seriously?

We’ve allowed people to be careless; we shouldn’t act surprised when that carelessness leads to a breach.

https://www.cbronline.com/news/kroll-foi-ico
