Human error. Our greatest vulnerability.
February 02, 2015
History is a vast early warning system.
Ask yourself how often a cyber-security, data protection or privacy-related issue was mainstream headline news last year and you will begin to lose count very quickly – it is no surprise that 2014 was another fertile year of activity at the Information Commissioner’s Office (ICO).
These issues are more relevant and topical than ever before. The government, the public, the regulators, corporate executives and the media all recognise this. But increased awareness, regulation and activity - whilst welcome - can only go so far. This is because human beings are one of businesses’ greatest vulnerabilities, a threat confirmed by analysis of the ICO enforcement action in 2014.
Look at undertakings. What can be done to stop a patient handover sheet being left in a train station, a psychiatrist losing his briefcase cycling home from work, or a solicitor dropping sensitive papers in the street? Self-evidently, the answer is very little. Human error was one of the most frequent components in the chain of events that led to the ICO issuing an undertaking last year. Not coincidentally, where there was human error there was habitually a lack of training and/or policy within the organisation at fault – clear lessons to be learned here.
The critical issue is: how do we guard against our own primitive human weaknesses? Because it isn’t just about one-off mistakes. Parklife Manchester Limited was fined £70,000 for disguising direct marketing text messages to festival-goers as sent from ‘Mum’, causing substantial distress to recipients who have lost loved ones. This was a considered and malicious choice taken by a group of people - human decision makers.
To put it another way, over 50% of fatal plane crashes in the last half century can be attributed to pilot error, a metaphor that shows we will never extinguish human mistakes. Indeed, there will always be individuals who don’t stick to the rules in any walk of life.
2014 tells us that the most effective way to address the problem of human error is with robust training and policies around data protection, privacy and cyber security. The public, businesses and, most importantly, regulators demand it.
But we also need to remain vigilant, because even as the policies of multinational corporations become more sophisticated and their security architecture increasingly complex and cyber secure, a great threat still lies within. Inconspicuous and unforeseeable human error can be the greatest threat.
Complacency is precarious.
You have been warned…