Protecting Against the Top Cause of Data Breaches: Human Error

Data Breach Prevention And Cybersecurity Best Practices Guide

By Heather Randall, PhD, Chief Compliance Officer at TrustCommerce, a Sphere Company

Too often, data breaches occur because of simple, unintentional actions by employees. That’s why implementing cybersecurity best practices is essential for reducing risk and preventing breaches in 2025, when the threat landscape is more sophisticated than ever.

For many of us, it is human nature to trust people and want to be helpful, but these inclinations can also lead to us being fooled by bad actors.

Estimates vary on the extent to which human error causes data breaches, but most reports agree that a substantial percentage are tied to employee mistakes.

For example, one report from Verizon found that 74% of data breaches include some human element, such as clicking on a phishing link. In addition, employees may accidentally expose data to bad actors in other ways, such as having incorrect sharing settings or connecting to unsecured Wi-Fi. With hybrid and remote work still the norm, these risks remain elevated.

Separately, a report from Stanford University showed that approximately 88% of all data breaches are caused by an employee mistake. The report also found that nearly 45% of respondents cited distraction as the top reason for falling for a phishing scam, and 57% of remote workers admit they are more distracted when working from home.

GenAI: A Growing Security Challenge

The rise of generative AI (GenAI) has added a new layer of complexity. While GenAI delivers powerful tools that streamline operations, reporting, and customer service, it also opens doors for cybercriminals to exploit. Phishing attacks, now enhanced by AI-generated content, are more convincing than ever, free of obvious grammar errors or suspicious formatting that once served as red flags.

These attacks may use deepfakes, realistic voice cloning, and hyper-personalized messaging across email, text, and video. This makes employee vigilance and regular security awareness training more critical than ever.

Cybersecurity Best Practices for 2025

Following cybersecurity best practices is crucial for effective data breach prevention and securing sensitive information within your company. To protect yourself against the increasing sophistication of data-security threats, here are some important steps that can be taken:

  • Be skeptical by default. Pause before clicking links or responding to messages even if they appear legitimate.

  • Provide regular, interactive training for employees that covers phishing simulations, AI-driven scams, and current threat trends.

  • Create a “speak-up” culture. Encourage employees to report anything suspicious quickly and without fear.

  • Review and update security controls frequently, including user permissions, MFA settings, and software patches.

  • Use strong, unique passwords with letters, numbers, and symbols, and enable multi-factor authentication (MFA) everywhere possible.

  • Keep systems up to date with the latest security patches. Use automatic updates when available.

  • Limit access to sensitive data and log out of systems when finished — especially on shared devices.

  • Avoid unsecured Wi-Fi and encrypt sensitive files when sharing information externally.

While it may seem natural to rely solely on technology to prevent breaches, human judgment remains one of the most powerful defenses available. By building systems and processes that support your employees, such as regular access reviews, configuration management, and clear reporting channels, you empower them to recognize and respond to threats faster.

The result? A more informed, vigilant, and resilient organization.

TrustCommerce technology offers businesses of all sizes the confidence of knowing payment transactions are safe and secure, by providing comprehensive risk management and security for sensitive business and cardholder data. To learn more about protecting your organization from data breaches or to schedule a free demo, contact TrustCommerce today.
