OAIC: Human Error Accounted for Many Data Breaches in Q2
Cyber-attacks in Australia like data breaches during the second quarter of 2019 mainly happened due to malicious or criminal activity, but human error glaringly represented a considerable percentage of the recorded incidents for the same period.
The Office of the Australian Information Commissioner (OAIC) said that 245 data breaches took place from April to June. Malicious or criminal cases accounted for 62 percent of the cases, while 32 percent of the incidents occurred because of human error. Companies should invest in network security testing to find out the vulnerabilities of their digital infrastructure. Small- and mid-sized enterprises, in particular, are more at risk because of little to no implemented policies.
Some Malicious Attacks Rely on Human Error
Human error and malicious activities are closely related because the latter can exploit the former. Even if the OAIC report attributed most data breaches to online criminals, the fact that human error ranks as the second top cause remains unsettling. Anyone can be a victim of cybercrime, but you lower the chances when best practices on cybersecurity are observed for your business.
This includes simple tasks such as not clicking links or downloading attachments from emails sent by unknown or suspicious parties. You should also limit administrative access to a select group of employees, who should be appropriately trained to handle your network architecture.
The Most Vulnerable Industries
Healthcare industries in Australia became the most vulnerable sector to data breaches. The OAIC recorded 47 notifiable data breaches (NDB) during the second quarter, followed by 42 NDBs in the finance industry. Proper accounting and management services had 24 NDBs, while there were 23 cases from the education sector. Retail companies reported 15 NDB in the second quarter.
The leading causes of a data breach in the healthcare sector include personal information sent to the wrong email and fax recipient, loss of paperwork/data storage device, and unauthorized disclosure. These causes also affected the finance sector, which also had more cybersecurity incidents than healthcare companies.
Constant Vigilance About Security
You may think nobody’s interested in a small company since hackers always go after the big fish. This might be true, although it doesn’t make you any safer from potential threats. For instance, using multi-factor authentication can reduce your vulnerability by more than 99 percent based on some studies.
Remember that a single data breach can be devastating for your business. The OAIC said that a particular a company suffered from a massive breach during the second quarter that affected around 10 million people. Why risk cleaning up the mess when you can be proactive with your cybersecurity?
In the end, while hackers frequently target large companies, SMEs should focus more on their cybersecurity strategies as they are less likely to recover from online attacks. A network security test at least once a year can protect your business from data loss. You don’t even have to create an in-house IT group if you can’t afford it, as you can pay for IT outsourcing services that you only need occasionally.