Author’s note: This article also appears on Windows IT Pro.
Data breaches are problems that don’t just affect the largest firms out there. A quick look at our recent infographic, The Crippling Cost of Data Loss, reveals a lot about data breaches. For instance, businesses in the US lost an average of $3 million to lost business as a result of data breaches in 2013. You’d think most of these breaches were the result of some sort of attack: a hacker or group of hackers trying to break in and find anything they can. Interestingly enough, 55 percent of security breaches were caused by human error, which is something we’re all familiar with. One can speculate as to why human error is a key piece of so many security breaches, but the fact is that these errors are likely the result of one (or both) of two things: a need for convenience, or simple ignorance.
We constantly trade security for convenience. We’re all guilty of having written down a password on a sticky note. We’ve all likely allowed our web browser to remember our passwords for us, or perhaps we signed up for a password manager that does it all for us, but the best example of choosing convenience over security is our smartphones. How many people do you know who have a password on their phone? It keeps things secure, but man, what a pain! I hate typing in my short PIN each time I open my phone, but I know that if I don’t lock up my phone and I lose it, someone will have far too much access to my personal information. Someone could even order things through my accounts, and might even be able to find a credit card I’ve got on file somewhere, all because I didn’t have a password.
Now when you’re talking about business, the concept gets even stickier. I don’t know a single person who hasn’t at one time or another felt like there’s a constant battle between workers who need to get things done and IT admins whose job is to keep security threats at bay. I’ve encountered the problem myself, and while I certainly feel security is important, I also need to do my job efficiently. When security gets in the way, people get frustrated. Firewalls could be blocking a site that would help employees complete a certain task, or perhaps certain security protocols won’t let them use a time-saving WordPress plugin. Security can slow things down in a variety of ways, but it’s essential, especially with data like Verizon’s reporting that businesses confirmed over 1300 data breaches in their organizations in 2013, a clear reminder that data breaches are a problem. The best IT providers won’t compromise much on security because if the wrong threat gets in, a business could end up in next year’s report.
I had a math professor who was fond of calling his students ignorant. He was tired of the frequent misuse of the word he’d heard on campus, so he aimed to take it back to its actual meaning. Put simply, an ignorant person is someone who doesn’t know something. We’re all ignorant (some more than others), but the fault isn’t always our own, and that’s useful to think about when you’re ready to bash an employee’s head for clicking an infected email attachment.
A lot of computer users just don’t really think about security measures, and plenty never have the thought of security even pop into their head. They’re on the path of convenience and they likely don’t know what sort of problems they can cause by not being judicious about security. Really, though, they don’t have to continue being ignorant—you can do something to help.
Rather than get frustrated by user error, you can accept it and work toward remedying it by educating users. There are a variety of simple ways to do so, and IT admins are in a great position to help users understand more about the technology they rely on, especially from a security perspective. Locking systems down is one way to keep things secure, but that gets in the way of the convenience that lets employees get things done efficiently.
Whether you’re emailing users tech tips, providing them with useful articles, scheduling quarterly security sessions, or whatever, you can give them a better understanding of security. With some luck, this will allow you to loosen tight security restraints and find a happy balance that keeps systems both protected and open.