Data Breaches: Leading Causes & How to Avoid Them
According to both Cisco and Microsoft, 50 billion connected devices will exist by the year 2020. Intel estimates that number at 200 billion.  With the rise of connected devices, cyber security concerns have increased as well. Let’s face it — the last few years have seen some of the largest data breaches of our time, including Yahoo, Foursquare, Ashley Madison, Target, Twitter… the list goes on. It is no surprise that data security has become a top priority amongst users and companies.
Considering all that has happened in the cybersecurity world, it’s easy to create hysteria around data security. But while caution is encouraged, frenzy can halt innovation. The collection, distribution and usage of data brings enormous value to companies and individuals. A gripping fear of data theft can keep innovation at bay.
Only a few years ago there were similar fears about online payments. Before the explosion of e-commerce, many individuals were wary of submitting credit card information over the Internet for fear of being hacked and bank accounts being drained. Yet, once the stigma was overcome, and e-payment was proven a secure method, it opened up a myriad of channels for companies to sell, for consumers to buy, and for everyone to innovate.
To dispel fear and empower individuals, we are shedding light on the leading cause of data breaches, and why technology is not inherently to blame.
According to the Identity Theft Resource Center (ITRC), the leading cause of data breaches is hacking, skimming or phishing, which accounted for 55.5% of all data breaches in 2016, followed by email or Internet attacks at 9.2% of all breaches, and employee error at 8.7%. 
Looking at the latter two causes, it is obvious that human error is at play. Fighting Identity Crime defines employee error as a breach due to the “unintended exposure of information as a result of an error made by an employee,” and defines accidental Internet exposure as a breach due to “exposure of information as a result of unintended access to the Internet.” In both of these cases, a lack of human attention and caution often leads to successful hacks.
Though not as obvious, the leading cause of data breaches (hacking, skimming or phishing) can also be attributed to human error. Hacking occurs when a computer system is hostilely taken over and information is extracted involuntarily. Hacking is a more complex way to breach data than skimming or phishing because it uses exploits to gain access to secure information. Skimming happens when scammers install malware at ATMs and other credit card readers that steals personal information when unsuspecting individuals use the devices. Phishing, by definition, is a type of hacking that involves sending unsuspecting individuals trick emails. Accidentally opening these emails creates gaps that allow hackers to infiltrate secure systems.
Reuters has reported that “the vast majority of hacking attacks are successful because employees click on links in tainted emails, companies fail to apply available patches to known software flaws, or technicians do not configure properly.” We can see how human error has enabled the rise in successful hacking and data breaches, with employees clicking on insecure links and companies not introducing proper preventative security measures.
As we have seen, human error has a hand in 73.4% of all data breaches.* To help prevent future data breaches from occurring, we can educate ourselves and institute best practices to minimize risk. Here are some tips to get started:
- Implement techniques to fortify privacy such as two-factor authentication
- Provide employees with training on phishing attacks
- Ensure operating systems and other software are up to date with security measures
- Restrict access to data to a select few, and grant it through explicit permissions
- Conduct frequent security checks and reviews on all internal systems, such as “red teaming” (purposefully attacking your systems to see how strong they are)
As Marie Curie once said, “Nothing in life is to be feared, it is only to be understood. Now is the time to understand more, so that we may fear less.”
*73.4% is the sum of 55.5% (hacking, skimming or phishing breaches), 9.2% (email or Internet exposure) and 8.7% (employee error).