Private or public sector, cyber criminals don’t care: all they are eager to steal is information and money, no matter where they get them. 2015 was a tough year for the public sector, with around 47,237 incidents reported, according to Verizon’s 2016 DBIR report. 82% of these incidents fell into four categories: miscellaneous errors, insider and privilege misuse, theft and loss, and crimeware.
The human factor cannot be controlled but influenced
Miscellaneous errors accounted for 24% of data breaches. Employees sending emails or documents to the wrong recipient are the classic example. A further 20% of data breaches were caused by physical theft and loss of documents and devices such as laptops and mobile phones.
Such incidents will always happen because humans make mistakes. All you can do is to influence behaviour by educating your staff to understand what’s harmful to your company and what can be done to prevent such mistakes. The most cost-effective way to train your whole staff is through e-learning courses. Check out our portfolio of e-learning courses and price list, which is based on the number of users.
Beware of end users who inadvertently or intentionally leak information
22% of data breaches were caused by insider and privilege misuse. A third of these incidents were caused by end users who inadvertently or intentionally leaked information to third parties. Prevent or mitigate this risk by restricting access to your most valuable accounts, and by assigning administrator privileges to a restricted number of employees, usually IT staff. Another tip is to properly configure computers and devices so that they only provide the services they are required to. You should also block staff from installing any software on their machines without you knowing.
16% of data breaches caused by malware
The last category is crimeware, which is described as “any incident involving malware”. The most common is ransomware, which encrypts the content of the device, making it impossible to decrypt unless you have the key. Put up barriers to avoid malware getting into your system:
- Firewalls and Internet gateways will help you monitor all network traffic and block the unwanted.
- Anti-malware software to detect and protect your machines from a broad range of malware.
- Patches to secure your software from known vulnerabilities that could be exploited.
A simple solution for companies in the public sector
Around 80% of the above security incidents could have been prevented through the implementation of the five security controls mandated by the Cyber Essentials scheme. Around 2,000 companies have already achieved Cyber Essentials or Cyber Essentials certification, which demonstrates their commitment to secure their data and information, bid for specific UK Government contracts, and demonstrate to clients, insurers and investors that they have taken precautions to reduce cyber risks.
IT Governance has developed three packaged solutions to suit any budget and any need to help SMEs and larger companies achieve certification at their own pace. Check them out >>