NovaBACKUP Security Blog

World Backup Day: Mitigate Human Error

human-error_header_1000px

On any day of the week we can open the news and see a headline about the latest hack, ransomware attack or data breach. This fuels the perception that threats to your data are primarily external. The truth, while less headline-worthy, is actually that human error is the overwhelming cause of data loss. Scenarios might include anything from an accidental file deletion or drive format, overwriting files, bad backups, or negligence such as failure to install the latest security patches.

82% of data breaches involved a human element (human error, misuse, phishing, stolen credentials, etc) according to Verizon’s 2022 Data Breach Incident Report.

The major part that human error plays in data loss makes proactive measures for prevention and mitigation absolutely crucial to avoiding downtime. On this World Backup Day, we look at some of the most common ways that human-error cause data loss, and a few measures you can take today.

Accidental Deletion

Nobody is perfect, and mistakes happen. However damage can be reduced by putting access control policies in place. First it must be determined which users or groups require access to which data in order to complete their daily tasks. Next, specific permissions can be assigned for each user to these data sets. 

Misconfiguration

Another vulnerability created by human hands is the misconfiguration of systems and software which created an opening for unauthorized access.  System Administrators can do a lot to standardize software configurations, such as developing a set of standard operating procedures (SOPs) that all organizational members must follow. All changed to configurations must be approved by the System Administrator in advance. There’s also a wide range of configuration management tools which automate routine configuration tasks.. 

Password Management

Strong, complex passwords as a habit can help, but multi-factor authentication (MFA) offers additional security to prevent access – even if a password is leaked to an outside threat. Tools such as password managers can help admins to monitor password usage and enforce a policy of regular password updates for all devices.. 

Phishing

Modern phishing techniques are growing in success largely due to social engineering tactics that take advantage of human error. Attacks are often focused and target specific individuals. They may trick employees into thinking it’s the boss asking them for information, or otherwise play on emotions and fears. Employee education and training may have the most direct impact on the success of phishing, as team members are better able to recognize threats and respond accordingly - in a way that notifies others of the danger. 
(Microsoft Article - How to protect against phishing attacks)

Failed Backup

Networks are often in a state of perpetual change, with new applications, data, and devices being added regularly. If backup policies and scheduled are not regularly updated to account for changes, a failed backup resulting from lack of storage space or other configuration problems becomes more likely. Lack of regular backup-restore testing can also raise the risk that critical data is not readily accessible following a downtime event. Utilizing solutions, such as NovaBACKUP, with a comprehensive central management console, that also generates reports and alerts to keep sysadmins in-the-know, can be invaluable for a quick response to potential vulnerabilities. 

Outside security threats are a real and growing problem in our current business landscape, whether you are an individual or a large organization. But they are often enabled or made worse by human error. We cannot completely eliminate human error, but clear communication about policies and procedures can minimize it and encourage the right kind of security-focused culture. We’re also lucky to have so many excellent technologies and tools at our disposal that can pinpoint vulnerabilities and offer us an early warning to quickly resolve such mistakes. The data-protection experts here at NovaBACKUP are available to offer suggestions on the best way to implement secure backups, restorable when the seconds count. 

We encourage you to download our complimentary 10-point proactive security checklist to make sure can prevent cyber security threats from accessing data.

eBook DownloadSecurity Checklist:
CyberSecurity Threat Prevention (.PDF)