Help prevent user-error security breaches

As written on blogs.office.com

According to the Association of Corporate Counsel, unintentional employee error is the top cause of data breaches. And with 87 percent of IT professionals concerned about the security of cloud data, according to a Dimensional Research survey conducted for Druva, it’s easy to feel vulnerable. Preventing these unintentional errors can help keep your data protected.

The problem—simple passwords

Simple or reused passwords open the door to hackers. According to SplashData, the top five worst passwords of 2015 were:

1. 123456

2. password

3. 12345678

4. qwerty

5. 12345

But even a great password can pose problems when used on multiple sites. Hackers know that people like to reuse passwords, so when they crack one, they test it on multiple sites, especially those that may contain higher value information.

Your solution—Educate employees on how to create a strong password. Then put a policy in place to ensure passwords meet minimum complexity requirements and require that users change them often. Also, encourage secure password-keeping practices such as using third-party services that store passwords in the cloud and secure them all with a master password.

The problem—falling for phishing

According to a Verizon Data Breach report, phishing is the second most common threat and is implicated in around a quarter of all data breaches. If a phishing message ends up in an employee’s inbox, there’s a good chance they will click the link.

Your solution—In addition to top-notch security and secure email filters, encourage users to report suspicious-looking messages—similar to reporting junk mail. Once reviewed and identified as a threat, add these messages to service-wide filters.

In Exchange Online, Email Safety Tips provide an additional layer of protection with a warning to the user in messages that are marked suspicious.

The problem—BYOD practices

Bring-your-own-device (BYOD) policies are widely used in today’s business landscape, but employees accessing sensitive information from personal devices can open the door to security threats. According to research from the Ponemon Institute, a total of 67 percent of respondents cited employees using their devices to access company data as likely or certainly the cause of data breaches.

Your solution—Create clear BYOD policies and educate employees on how to follow these guidelines—including what’s at risk if they’re ignored. For additional layers of security, require the use of approved secure mobile apps and multi-factor authentication when accessing company information.

The problem—lost or stolen devices

Lost devices are another leading cause of data breaches. And not just employee-owned devices—even your company’s devices are at risk, leaving your organization exposed to threats if they are lost or stolen.

Your solution—Educate employees on proper device security on- and off-premises, and instruct them to report lost devices as soon as possible. Enable security policies to ensure you can remotely access, locate and wipe a device if necessary.

Continually educate employees to minimize risk of common user-error breaches. Security features available with Office 365 help mitigate the risks introduced by employees. Data Loss Prevention (DLP) proactively scans emails and notifies users before they send sensitive information. Information Rights Management (IRM) allows you to control email access permissions to keep unauthorized people from printing, forwarding or copying sensitive information. Additionally, Office 365 gives you the option to use Microsoft Defender to safeguard mailboxes against sophisticated attacks in real time.