Menu Close

3 rarely discussed ways to mitigate the risk of human error leading to privacy breaches

I find the phrase “human error” which is often used after a privacy breach, very disappointing. 

Somehow there’s a sort of fatalistic acceptance that no one can do anything about “human error”. In fact, humans have been coming up with solutions to human error, forever. 

We suggest you could:

1. Ensure your organisation has trained everyone, effectively, on the applications they are required to use. 

When ROI Solutions first began in 2004, we provided a service designed to lift productivity. 

We trained users in a non-threatening and very effective way which was face-to-face, and not classroom based. The training used a highly tailored methodology to improve skills on desktop applications, ie Microsoft Outlook, Excel, Word, PowerPoint, and some others.

Feedback received was outstanding and I have no doubt we could sell the same service today and would receive the same feedback.

We believe the number of people in today’s workforce who don’t know how to use either their desktop applications and/or other key applications they need at work, is staggering.

There have been privacy breaches due to a user sending an Outlook email without using bcc to mask addresses.  It is actually likely, rather than unlikely, that there will be a privacy breach if users have not had effective training on Outlook.

There have also been privacy breaches due to the misuse of survey programs. If your organisation is running “freeware” ie there is no cost for the software and it doesn’t have support, your users may not have the skills they need to be distributing a survey as they’ve had no effective training.

“Human error” is so often cited as the reason for privacy breaches. The real human error here, is not providing adequate training and support to technology users.

2. Ensure your organisation is not working in silos to support staff with privacy and information security awareness.

There are many organisations with teams employed to work on privacy, information security, legal, risk, learning and development, etc, which work quite independently.

If your organisation invests in teams which are responsible for providing support to mitigate privacy risk, those teams need to work together and communicate clearly, to avoid gaps in what should be an organisation-wide strategy. 

If this is not happening now, even one meeting a month between the senior leaders across those teams to share information, would improve risk management.

The real human error here, is not providing the leadership required to eliminate a siloed approach.

3. Ensure your organisational culture supports staff with breaks between meetings and other work to relieve pressure.

You’d think this would be obvious, but we know of organisations where people don’t have time for a glass of water, or a toilet break, between Zoom/Teams meetings. 

The click of a mouse in a split second, can cause enormous harms due to a privacy breach. If people are working under pressure for long periods, as with points 1 and 2 it’s likely, rather than unlikely, you will experience a privacy breach later explained as being due to human error.

Staff shortages occurring now in our workplaces and a workforce with high turnover creates a perfect storm for error.  New staff play catch up trying to cover a workload which may have been backed up for months. For people adjusting to new roles and relationships at work, it’s a time when the risk of mistakes is high.

All calendars should include a 10-15 mins break between meetings. An organisational requirement that meetings are not booked over lunch, or back to back, is a simple cultural change you could expect to be welcomed, rather than resisted. It also supports retention of staff and wellbeing.

The real human error here, is not leading a healthy workplace and culture.

There are many types of human risks in our organisations which can be mitigated with thought, preparation and committed leadership.

What are you doing in your organisation about these risks?

If you’ve found these ideas helpful, please give our newsletter a like and/or follow us on LinkedIn.