Data Breach: Combatting Human Error with Technology


Trent: Hi there and welcome back to TechScoop, thanks for joining us. Now recently I’ve been talking a lot about Mandatory Data Breach Notification that was introduced earlier in the year. Now the first report has been released, which has shown us the highest number of reported instances of data breach and where they originated. Now interestingly enough, the highest number of reported data breaches and their cause was down to human error. For that reason I’ve called in one of the smartest blokes I know, Mr Tom Hickmott, to talk about ways that we can combat human error.

Tom: Thanks Trent, thanks for having me.

Trent: Now Tom, when it comes to human error in the report, the way they described it was someone unintentionally attaching a file to an email and sending it to the wrong person. What else would you define as human error?

Tom: There’s probably four areas that we focus on, the first one being the most common is around losing devices. Corporate laptops or mobile devices where people leave them lying around, they leave them in a taxi, leave them in a car, or they get stolen. The second one is really around social engineering, something that we’ve heard a lot about in the past and it’s been going on for many years. It’s where people just through phone calls and phone prompts will just get their most common passwords and phrases compromised. The third one is really around that email, targeted email attacks, so looking at Australia Post email for example – where you’re expecting a delivery, having embedded links throughout the email. The fourth one is really based around corporate espionage and that sounds like a pretty intense way of putting it. It’s essentially a user taking data that they’ve worked on or developed when they’re at one employer and taking it to another. That’s a big thing nowadays. A lot of people do feel entitled to their data but it’s also up to an organisation being able to track their data and see where it’s going.

Trent: Okay, so starting from the top we talked about corporate espionage and suspicious website. What can we do as business owners to combat that?

Tom: So I mean, it’s really about Data Loss Protection. You’re looking at your data and where it goes. But also tracking how it’s distributed throughout your organisation. So if you’re looking at, you know, somebody who’s emailing files out, you want to be able to track those files as they go out. You want to know who’s sending them and where they sent them to. You also want to be able to track things like people putting data onto USB keys, putting it into Dropbox and OneDrive and that sort of thing. It’s really about having all of your data thumbprinted and having unique signatures so you can track wherever it goes. Having solutions like People Centric Security will enable you to do that.

Trent: Now the next one that you spoke about was social engineering. Now that seems like it would be a little bit harder to combat, just from my knowledge.

Tom: So from a social engineering point of view, there’s not a lot you can do with social engineering in its basic form. You’re always going to get those people who are going to want to extract data from you. One of the key things around social engineering is multi factor authentication. It means that you’ve got something physical on you, whether it be a soft token on your phone or a physical device. It means that you’ve got something that you can’t just know. You can’t go and find out somebody’s maiden name and then intrude in a security phrase. You have a physical device, the rotating password that enables you to, when you need access, it’s in your possession and you can punch it in. So that’s really the core of protecting yourself from social engineering.

Trent: Now the last one was losing devices, I’m guessing that’s very common and everyone out there has done it. 

Tom: Look, it’s probably the most common and it’s quite simple, in the methods in protecting you against that. It’s really about device encryption and also Mobile Device Management. So being able to control the device when it’s lost. So we would initiate a remote wipe so there’s no data on there. If someone was to gain physical access they couldn’t boot it up, because you have full encryption on the device.

Trent: Hey, thanks for that Tom, I really appreciate it. You’ve helped me to understand what technology is out there to protect your business and ensure that you’re safe and protected from breach.