<img height="1" width="1" style="display:none" src="https://q.quora.com/_/ad/1fa075f6a9144556974dd51ae0b653c7/pixel?tag=ViewContent&amp;noscript=1">
All Posts

Data Breach: Combatting Human Error with Technology

Trent : Hi there and welcome back to TechScoop thanks for joining us. Now recently I’ve been talking a lot about Mandatory Data Breach Notification that was introduced earlier in the year. Now the first report has been released which has shown us the highest number of reported instances of data breach and where originated. Now interestingly enough the highest number of reported data breaches and their cause was down to human error. For that reason I’ve called in one of the smartest blokes I know, Mr Tom Hickmott to talk about ways that we can combat human error. 

Tom: Thanks Trent, thanks for having me.

 Trent: Now Tom when it comes to human error in the report the way they described it, was someone unintentionally attaching a file to an email and sending it to the wrong person. What else would you define as human error?

Tom: There’s probably four areas they we focus on, the first one being the most common is around losing devices. Corporate laptops or mobile devices where people leave them lying around, they leave them in a taxi, leave them in a car, or they get stolen. The second one is really around social engineering, something that we’ve heard a lot about in the past and it’s been going on for many years. It’s where people just through phone calls and phone prompts will just get their most common passwords and phrases compromised. The third one is really around that email, targeted email attacks, so looking at Australia Post email for example – where you expecting a delivery, having embedded links throughout the email. The fourth one is really based around corporate espionage and that sounds like a pretty intense way of putting it. It’s essentially a user taking data that they’ve worked on or developed when they’re at one employer and taking it to another. That’s a big thing now days. A lot of people do feel entitled to their data but it’s also up-to an organisation being able to track their data and see where it’s going.

Trent: Okay so starting from the top we talked about corporate espionage and suspicious website. We can we do as business owners to combat that?

Tom: So I mean, it’s really about Data Loss Protection. You’re looking at your data and where it goes. But also tracking how it’s distributed throughout your organisation. So if you’re looking at you know somebody who’s emailing files out you want to be able to track those files as they go out. You want to know who’s sending them and where they sent them to. You also want to be able to track things like people putting data onto Usb keys, putting it into drobox and one drive and that sort of thing. It’s really about having all of your data thumb printed and having unique signatures so you can track wherever it goes. Having solutions that will enable you to do that.

Trent: Now the next one that you spoke about was social engineering. Now that seems like it would be a little bit harder to combat, just from my knowledge.

Tom: So from a social engineering point of view, there’s not a lot you can do with social engineering in it’s basic form. You’re always going to get those people who are going to want to extract data from you. One of the key things around social engineering is multi factor authentication. It means that you’ve got something physical on you, whether it be a soft token on your phone or a physical device. It means that you’ve got something that you can ‘t just know. You can’t go and find out somebody’s maiden name and then intrude  in a security phrase. You have a physical device, the rotating password that enables you to, when you need access it’s in your possession and you can punch it in. So that’s really the core of protecting yourself from social engineering.

Trent: Now the last one was losing devices, I’m guessing that’s very common and everyone out there has done it. 

Tom: look it’s probably the most common and it’s quite simple, in the methods in protecting you against that. It’s really about device encryption and also Mobile Device Management. So being able to control the device when it’s lost. So we would initiate a remote wipe so there’s no data on there. If someone was to gain physical access they couldn’t boot it up. Because you have full encryption on the device.

Trent: Hey thanks for that tom I really appreciate it. You’ve helped me to understand what technology is out there to protect your business and ensure that you’re safe and protected from breach.

Related Posts

5 Reasons Your Disaster Recovery Plan Will Fail

A Disaster Recovery Plan is like an insurance policy. It’s the thing you never hope to need, but are thankful to have when you do. If accidentally putting your phone through the wash feels like a chilly Spring breeze, suffering an organisation–wide operations failure would be a category 5 tornado in the dead of winter. That insurance with the help of IT Managed Services would come in handy, wouldn’t it? For something so critical to maintaining the function and security of a business, you’d be surprised just how many don’t take disaster recovery seriously. You might even be one of them. And you’re not alone. 40% of all businesses rate their organisation’s ability to swiftly recover operations after a disaster as fair to poor, and 3 out of 4 businesses receive a fail grading for DR strategy. Ironically, 95% of businesses experience system failures due to incidents unrelated to natural disasters. These operational disasters account for 45% of all system disasters, with natural disasters and human error accounting for 35% and 19%. And then there’s that 1% of freak, what the hell just happened?!?! occurrences. So if the chance of suffering some kind of system disaster is so high, why aren’t more businesses investing in an effective DRP? Think you’ve got DR covered on your own? Here are 5 reasons your disaster recovery plan will fail.

Techware Rebranded

We’ve been working hard on this project and are extremely proud to be revealing our refreshed branding in 2019!

Anatomy of Attack - What a successful attack looks like

Trent: Welcome back to TechScoop, thankyou for joining us now today I am joined by an exceptionally special guest Mr Ryan Economos from Mimecast. Thanks for joiing us Ryan, good to see you again.