The human factor in cyber security: Tired Thomas
A mishap is just around the corner – we all make mistakes. One might be a little more sensitive to this than the other. Mistakes make us human and these do not always have a detrimental impact. That is, until it concerns data security, because then, it becomes a whole other story.
If mistakes are waiting to happen when transferring and sharing sensitive data, then the chance that any one person within the organization makes a mistake is much greater. Regardless of whether someone has a talent for attracting misfortune or was born with two left feet. An email to the wrong recipient or sending the wrong attachment can emerge out of hastiness, exhaustion or even self-confidence. Because of course, you sending an email to a particular relation is a common case right?
In this “Meet the team”-series, you will meet the employees whom are at a higher risk of making a human error and in turn pose a threat to your data security. Learn to recognize why they make mistakes and more importantly so: how you can support them by being a part of the security strategy within the organization.
Today, we introduce Tired Thomas: the employee who lacks sleep.
What makes Thomas vulnerable in secure communication
Thomas is the Financial Controller at a big accountancy firm. His workdays are long, but his nights too short unfortunately. As a result of working from home, the balance between work and his private life has become immensely skewed. This causes him to frequently work overtime and eat lunch at his desk, in order to finish his work on time.
He takes responsibility of what he does and does not want to disappoint his teammates: at the end of the day, he makes decisions which many are dependent on. Unfortunately, this does cost him his rest and energy and that is what makes Thomas vulnerable.
The danger of tiredness
Lack of sleep does not do Thomas any good and that is highlighted by the following:
- Sluggish input at work, results in him failing to be aware that he is more likely to make mistakes than he realises.
- Breaks that get skipped. Due to this, he loses focus and is disordered in e.g. his communication via e-mail.
- Irritations concerning small things during daily work affairs. Some work processes are therefore experienced as annoying
Fatigue and the exchange of sensitive information do not go hand in hand/well together. Thomas thus forms a serious threat when it comes to a potential data leak:
- Due to a lack of attention he is more likely to send an e-mail to the wrong recipient
- In his haste, it is possible for him to attach the wrong file to an email or
- Instead of BCC, he uses CC
How can we help Thomas?The most important thing for Thomas is that he stays alert, regardless of his sleeping pattern. As this seems difficult from his side, it is possible to resolve this through integrated awareness from within the systems he works with. This way, an extra check on recipients and attachments before sending an email will help him and a CC-notification will ensure he uses the BCC-function at the appropriate time.
Next week we will continue with the next employee in this series: Busy Boris. Always being tuned in and keeping busy can cause things to go wrong when it comes to data security. How exactly, you will read next week!
3 best practices to prevent data leaks