Poor error culture paves the way for ransomware

top cybersecurity companies

Many employees hide major application errors, even if they cause important data in cloud-based applications such as Microsoft Office 365 to be lost. A better error culture could avert these dangers.

Out of fear and shame, employees cover up gross errors with data and endanger security in the cloud, so companies do not only lose data through ransomware attacks. This was the result of a study by Veritas, for which a total of 11,500 office workers in Germany and worldwide were surveyed. In this country, more than half (54 percent) have accidentally deleted shared data such as Word or Excel documents and presentations. 23 percent of those surveyed did this several times a week, and a fifth even daily.

The errors also occur with business-critical information: According to the survey, 14 percent of the German study participants have accidentally deleted personal data. HR information was affected in 18 percent – such as information on employees and employment relationships – and customer data was lost in 16 percent of the cases.

“Companies must not blame their employees if they accidentally delete this information or if they accidentally allow hackers to hijack data,” urges Eric Waltert, Regional VP DACH at Veritas. “There is often only a short window of time to rescue deleted or damaged data in the cloud. Managers should educate their employees and train them to report such cases to the IT team as soon as possible so that they can act immediately. From our study it is clear that punishment would be the wrong way to go here. “

Employees are ashamed to admit mistakes

The study found that application errors often do not come to light at all. For example, 40 percent of survey participants in Germany try to cover up the fact that they like shared data from cloud applications Office 365 or Google Accidentally deleted docs. 37 percent said that no one noticed their mistake. In the vast majority (63 percent), however, the errors were discovered. In 16 percent of all incidents, the data was lost forever.

When asked why they did not admit the mistakes, 35 percent of those questioned answered that they were ashamed. 17 percent said they feared personal consequences. Seven percent cited the reason that they had already had trouble with their IT department.

In the case of ransomware incidents, even more is kept secret: only 32 percent of respondents in Germany would immediately admit errors that made it possible to smuggle in ransomware. 38 percent would not do anything about it and pretend nothing had happened. And 23 percent said they would report the incident – but without admitting that they had anything to do with it.

Loss of data leads to anger and despair

If data that is shared in the cloud is lost, this can seriously impair the well-being of employees: 42 percent of the Germans surveyed say they swear when they lose data. Eleven percent have even broken something out of anger, and 15 percent have burst into tears. The loss of important work documents is a particularly stressful experience for employees. According to the survey, such an incident is perceived as more stressful than an interview. Even worse, respondents feel that they are responsible for infiltrating ransomware. Only the loss of a cell phone, keychain or wallet would make them even more troubled.

“Employees now depend on cloud-based technologies to get their work done,” says Waltert. “In Germany, 38 percent of office workers save data in cloud folders that IT has created for them. 23 percent use folders that are synchronized with the cloud and 19 percent store information in cloud folders that they share with their teams. The more employees access the cloud, the more opportunities individuals have to shift the blame on to others. However, without knowing the details of who caused a ransomware attack, how and when, it is extremely difficult to limit the damage. “

Lack of knowledge of how the cloud works

The investigation also showed that many employees do not know whether and how lost data can be recovered. Almost all participants in Germany (94 percent) believe that this is possible – either with the help of a cloud copy, their folder for deleted objects or a backup. And eight percent think that their “deleted objects” will still be available in the cloud for up to a year after the data has been lost.

In addition, 41 percent of those surveyed consider data in the cloud to be relatively well protected against ransomware because the cloud provider is responsible for ensuring that no malware is smuggled in, Waltert quotes from the study. “This is a fundamentally false assumption that will endanger businesses if it is not addressed. As a rule, the cloud providers also make it clear with their standard services that the company is responsible for protecting its data. Storing data in the cloud doesn’t automatically make it secure. “

According to the study, every office worker accidentally lost an average of 27 documents in the past year. This illustrates the extent of the problem when using cloud applications. “More than every second user has accidentally deleted a file in the cloud and was unable to retrieve it. This puts employees in extremely stressful situations, and they often try to cover up their mistakes out of shame or fear. Some believe that it is no problem for the cloud provider to restore the data. But the service provider is not responsible for the security of the data. The user company is responsible – regardless of whether the information is stored in the cloud or on the employees’ devices. With the right measures and easy-to-use lost file recovery tools, companies can take a lot of the pressure off their employees. Assigning blame doesn’t help – but correctly backing up the data does. “

Leave a Reply

Your email address will not be published.