A More Human Approach to Addressing Human Errors in Security Breaches

By Chris Denny, Principal Consultant and Trainer, Attention to Detail Training

It is common knowledge in the security industry that human error is the leading cause of security breaches. The World Economic Forum’s “The Global Risk Report 2022” shares that 95% of cybersecurity issues can be traced to human error. Other reports and research around the causes of security breaches reveal similar numbers. In fact, the lowest number I’ve seen is Verizon’s 2022 “Data Breach Investigations Report” that says 82% of breaches “involved the human element”.

Pick a number. It’s clear that there’s room for improvement.

Top Causes of Security Breaches

The most common direct causes of security breaches include:

  • Weak passwords
  • Stolen credentials
  • Careless data management (e.g. emailing login credentials)
  • Low awareness of threats by employees
  • Outdated apps or software
  • Loose access or access for too many people

Any of these can allow hackers, malware, or ransomware to gain access to a system. Phishing scams are often successful due to a low awareness by employees about potential threats and lack of training about how to recognize the signs of a scam.

So how do you reduce or eliminate these human-caused security breaches in your organization? Training? Systems? Yes, and yes. In fact, it’s highly likely that your organization already has some security training (maybe) and systems (for sure) in place. They’re important, after all, and they’ll definitely be part of the solution and strategy going forward but I’d like to suggest an approach that ensures human-caused errors are addressed via a more thorough and human-oriented framework.

Addressing Errors Through the Five Fundamentals

The Five Fundamentals (of Attention to Detail) is the core of a system developed to identify, address, and eliminate mistakes and errors and to identify solutions for more complex challenges and even innovation needs. Each Fundamental has multiple components but, for the sake of keeping this article to a reasonable length, I’m keeping the descriptions simple.

The Five Fundamentals(and their simplified descriptions) are:

  • Focus – the ability to sustain focus on a given task/topic and it’s parts
  • Interest – the level of care about said topic
  • Knowledge – education, training, experience
  • Systems – any system or tool that improves the accuracy and consistency of a desired outcome
  • “Right or Wrong” Attitude – clearly defined specifications for the right outcome

Using the System to Eliminate an Error

Think of an error or mistake you’ve been dealing with. It can be an error you make yourself, a mistake an employee makes, or something an entire team or organization struggles with. Pick a concern – a data entry issue, mistakes in reports, carelessness with data management, poor app management or lack of updates; your choice.

If you aren’t sure what the common mistakes are, here’s an exercise you’ll find highly valuable – and it’s exceptionally simple. Get your team together and ask them to write down 3 to 5 mistakes or errors they commonly make or see happening around them. Then, each person should share their list with the group. As they do, write them on a whiteboard. There will be commonalities so put a mark next to those items that get repeated.

Choose from the most common errors and/or the highest value concerns.

Now let’s run it through the system. I’ll discuss this as though we’re addressing the issue for a team of people.

Focus: Is there a chance the error is happening because people are not able to focus properly on the related task at hand? Are there too many distractions in the workplace? Has the task or process been broken down into individual steps or elements?

You are looking for opportunities to enable people to give the important task – and its individual parts — the attention it deserves. A few common solutions in this realm include workspace adjustments that allow for more focused work, the use of headphones, scheduled meetings (instead of random drop-ins), and focused sessions to break issues down to their smallest components.

Interest: The most important questions to ask regarding interest are whether people understand the value and impact of their role for the task and team AND if they understand the value and impact of the task or challenge in question. You may be surprised how they don’t fully understand one or both of those.

Fix those.

Knowledge: This one is easy to understand and easy to address. Does the team know how to correctly perform the task or process? Have they been trained? Can you accelerate their experience somehow?

It is commonly overlooked. It is amazing how often we make the assumption that people have been trained properly.

You might have already recognized that that Interest and Knowledge often go together.

Systems: Systems are often the first approach we turn to when dealing with a mistake or error and they often provide the fastest way to make a noticeable improvement – a reduction in errors, in this case. Systems may include reminders, checklists, form field requirements, process improvements, design improvements, software, and so on.

Systems are not always the best solution, though, and might be best used as a short-term band aid while the team is being trained. You can “system” yourself into sluggishness and bureaucracy so be careful throwing another permanent rule or checklist at everything. I don’t want to deter you from systems, though, because companies and teams need well-thought systems in place. They automate productivity and increase the consistency of desired outcomes.

Right or Wrong (RoW) Attitude: For the sake of simplicity, this is primarily about clarity of what is correct or incorrect. Does everyone on the team fully understand what doing it “right” looks like? You can address this from the top of the organization down to the smallest task. When you look closely at tasks or procedures – especially those where errors are common – you may be surprised at how unclear “right or wrong” actually is.

Beyond Security

The Five Fundamentals framework is fantastic in its simplicity and effectiveness for identifying opportunities and developing solutions for reducing human error. You can also apply it to bigger challenges such as identifying effective security strategies and opportunities for innovation.

Chris Denny is the Founding Principal of Attention to Detail Training, a training and consulting company focused on increasing accuracy and attention to detail, reducing errors, and improving the effectiveness and productivity of teams and initiatives. He can be reached at chris@attentiontodetail.com.

Website: AttentionToDetail.com
Phone: 800-639-1206

Hot Topics

Related Articles