The Most Common Employee Mistakes in the Workplace That Lead to Security Breaches Say no to plagiarism. Get a tailor-made essay on "Why Violent Video Games Shouldn't Be Banned"? Get an Original Essay Employee may fall victim to a phishing scam An employee will receive an email from fraudulent sources or an individual hacker attempting to trick them into downloading malicious files or clicking on a link to a site loaded with exploits . For example, the hacker can create phishing pages such as Facebook, Gmail, or some bank account login pages. Where the user can enter his login information and those pages will stay in the web hosts and run some backend scripts that send the user's login information to the hacker. Cause: According to Verizon Data Breach Investigations in 2016, 30% of these messages were opened and 13% of employees opened a malicious attachment or link. (Brown, 2016) Why Stolen Laptops Still Cause Data BreachesLoss of electrical devices or theft is the most likely breach method. for example, loss of USB, hard drives, laptops etc. This includes compromising or deleting sensitive service data. (Jonathan, 2016) Abuse of privilege: Abuse of privileged accounts tops the list of the most dangerous threat patterns. It is relatively easy for insiders to steal sensitive data, but it can take months or even years for organizations to detect and investigate such incidents. Most common scenarios Whether the threat actor is a disgruntled former employee or a staff member seeking financial gain, abuse of privilege that leads to security breaches tends to conform to only a few patterns. By analyzing security incidents that have made headlines in recent years, we have identified the four most common scenarios of how insiders can actually access sensitive data: Privilege escalation: An insider deliberately increases their access level to gain greater access rights . Unauthorized access: An extension gains access to another user's account, either by stealing or by mistake. Abuse of privilege: An insider uses legitimate access to systems and data to perform malicious activities. Human error: An extension unintentionally or deliberately uses access rights that were granted by mistake or negligence. (Jeff, 2017) Security Failure: There has been an explosion of new healthcare, financial, and government applications in recent years resulting in more and more encryption being added to backend applications. In most cases, this cryptographic code is implemented incorrectly Error #. 1: Assume your developers are security experts: Unfortunately, when it comes to properly implementing encryption, you don't get a second chance. While a typical developer error might cause a failure on a web page, a failure in your data security pipeline can put all your sensitive data at risk. What's worse is that you won't discover the mistake for months or even years, until your organization is attacked. And by then it will be too late. Error no. Tip #2: Trust cloud providers to protect your data The physical infrastructure that most cloud providers rely on is secure, and some even offer encryption options. However, they always advise developers to encrypt their sensitive data before storing it in the cloud. Amazon Web Services (AWS) emphasizes that data encryption is the customer's responsibility, not theirs. (Yaron)Password:Cybercriminals find the path of least resistance to their goal and today that,2014)