Protecting Against the Top Cause of Data Breaches: Human Error

Data Breach Prevention And Cybersecurity Best Practices Guide

By Heather Randall, PhD, Chief Compliance Officer at TrustCommerce, a Sphere Company

Too often, data breaches occur as a result of unintended actions taken by employees. That’s why implementing cybersecurity best practices is essential for data breach prevention, to minimize the risks associated with human error.

For many of us, it is within our human nature to trust people and want to be helpful, but these inclinations may also lead us into being fooled by bad actors.

Estimates vary on the extent to which human error is the cause of data breaches, but most reports indicate a substantial percentage are the result of human mistakes.

For example, one report from Verizon found that 74% of data breaches include some human element, such as clicking on a phishing link. In addition, employees may accidentally expose data to bad actors in other ways, such as having incorrect sharing settings or connecting to unsecured Wi-Fi. As remote work becomes more prevalent, these threats rise.

Separately, a report from Stanford University showed that approximately 88% of all data breaches are caused by an employee mistake. The report also found that nearly 45% of respondents cited distraction as the top reason for falling for a phishing scam, and 57% of remote workers admit they are more distracted when working from home.

GenAI: A new threat for breaches
The growth of generative artificial intelligence (GenAI) has only complicated the picture. While GenAI no doubt possesses positive potential to deliver new tools that simplify back-office operations, reporting, customer service and more, it offers new ways for bad actors to illegally access sensitive data. AI will no doubt increase the quantity – and unfortunately, quality – of criminals’ phishing scams, as Harvard Business Review has reported.

AI-generated phishing attacks, which may involve deepfakes and arrive through emails, texts, voice messages and videos, allow for more targeted attacks on employees, with more sophisticated messages that are free from easily identifiable typos, errors, and other mistakes.

Use cybersecurity best practices to protect your organization

Following cybersecurity best practices is crucial for effective data breach prevention and securing sensitive information within your company. To protect yourself against the increasing sophistication of data-security threats, here are some important steps that can be taken:

  • Be more suspicious of potential bad actors, instead of accepting emails or other communications at face value.
  • Provide comprehensive training to employees on cybersecurity best practices.
  • Speak up if something seems unusual. Be clear and transparent in reporting around data security.
  • Data security is not a “set-it-and-forget-it” process. Security settings sometimes require frequent review and updates, and employees need ongoing education.
  • Use complex passwords with a combination of letters, numbers, and symbols. Enable multi-factor authentication, which adds an extra layer of security beyond just a password.
  • Ensure that all software, operating systems, and devices are up-to-date with the latest security patches. Turn on automatic updates to avoid missing important security patches.
  • Limit access to sensitive data by only accessing or handling that data when absolutely necessary. Log out of accounts when finished, especially on shared or public devices.
  • Avoid using unsecured or public Wi-Fi networks when accessing company systems. Encrypt sensitive files and ensure secure file-sharing protocols.


While it may seem like an obvious answer to rely on technology to avoid potential data breaches, one of the most effective tools at our disposal is human judgement.  By creating systems and processes to help manage tools effectively, like regular access reviews and managing system configurations, providing training, awareness, and better reporting tools, we can empower our employees to more effectively identify potential social engineering attempts and improve our security culture.  The end result is an informed, empowered, and more protected organization.

TrustCommerce technology offers businesses of all sizes the confidence of knowing payment transactions are safe and secure, by providing comprehensive risk management and security for sensitive business and cardholder data. To learn more about protecting your organization from data breaches or to schedule a free demo, contact TrustCommerce today.

Related Content