We have written before about the differences between insider risks and insider threats. It comes down to intent. Not all insiders are threats, but anyone who handles sensitive information presents risk. After all, humans make mistakes. The recent disclosure that from 2015 to 2023 over 100,000 emails intended for military personnel were sent to an email server in Mali when senders inadvertently ended email addresses in “.ml” instead of “.mil” is the latest reminder.
Unfortunately, this is not an isolated case. The 2023 Verizon Data Breach Investigation Report found that 74 percent of all breaches involved a “human element.” The World Economic Forum believes the problem is worse. They found that 95 percent of cybersecurity incidents occur due to human error. These errors can result from:
- Lack of training: Many individuals may not receive adequate training or education on data security best practices. They may not fully understand the potential consequences of mishandling sensitive data, leading to unintentional errors.
- Work Pressure: Sometimes people with good intentions make bad decisions. For example, they may take screenshots of sensitive information during video conferences. Others may upload sensitive data to a cloud storage service so they can access it later without going through the corporate network or print data on their home devices.
- Distractions: In a busy work environment, multitasking can divert attention away from safe data handling, increasing the likelihood of errors.
- Unclear Policies and Procedures: Lack of clear data handling policies or inconsistent enforcement of policies can contribute to errors. Poor communication of sanctioned solutions leads users to find their own methods.
Policies Are a Good First Step
Policies for the safe handling of sensitive information are a requirement in any company managing regulated data. However, having a good policy doesn’t guarantee that employees will understand all use cases or remember to follow the policies. Most employees have limited exposure to cybersecurity, are trying to meet work commitments, and are dealing with multiple tasks (see distractions, above). Not uploading a file containing intellectual property, product plans, or customer data to a personal Dropbox account may seem obvious to security professionals. To many employees, however, it is a simple way to move data so they can get their work done as quickly as their roles require, using the tools they have at their disposal at the time.
Cybersecurity Training is Inconsistent
Training employees on best practices for handling sensitive information is also helpful. In most organizations, however, this is an annual exercise. Learning is not a one-time event. One does not learn to speak a new language, play a musical instrument, or fly a plane by focusing on the task for an hour once each year. Constant reminders are used when safety is critical. Pilots are required to use checklists every time they begin a flight. Construction sites use multiple signs to remind those on site to wear hard hats.
Incident-based Training Reinforces Policies
The same approach – constant reminders – is required for recognizing when data can be put at risk. Learning requires repetition. Ideally, this occurs “in context” when data is put at risk. That is the approach we take with Reveal. When a user takes an action that would put data at risk, Reveal automatically provides policy reminders and safe alternatives. It can even require acknowledgement of company policies before proceeding.
In our experience these consistent reminders can significantly reduce the number of risky events as defined by policy violations. We’ve had customers see upwards of 50% reduction in alerts in just days due to the feedback to the users about what is acceptable use.
Stopping inadvertent data leaks requires good security hygiene. Consistent, non-threatening reminders presented when the user attempts a risky action help employees learn and self-correct. Incident-based training reinforces policies and cybersecurity awareness training and contributes to a security-positive culture. Over time this provides the organization multiple opportunities to engage with and influence users to mitigate the risk of inadvertent data leakage.
Whether your focus is on data protection or SOC use cases, Reveal delivers the insights into data movement that let you educate your users. You can support sanctioned use and reduce enterprise risk. For a full demo of the Reveal platform, click here.
