Information Security

Make No Mistake: Human Error Contributes to Cyber Incidents

Nobody’s perfect. We all make mistakes — and hopefully learn and grow from them. Some mistakes, however, have greater consequences than others.

Human error, whether unintentional or the result of inaction, contributes significantly to adverse cyber incidents. This year, Verizon and IBM reported human error contributed to more than 80 percent of cyber incidents. Past examples of these errors include:

n Network user access not managed as needed. Overly permissive networks allow broad access to the network and impair security protocols, which can exacerbate a data breach like the Capital One incident in 2019.

n Systems not effectively patched and updated. Equifax’s massive data breach and the WannaCry ransomware attacks on Nissan Motor Manufacturing UK, FedEx, and others can be attributed to flawed system patching by personnel.

n Employees unaware of cyber risks and threats. Sony Pictures experienced a breach in 2014, which was attributed to a phishing campaign targeting employees. Recognizing malicious emails is key to preventing phishing attacks.

Though the Postal Service™ can’t eliminate human error, our employees can reduce associated risks through a few simple actions:

n Review network users’ access to applications and systems periodically. Managers must ensure their staff’s permissions align with their current role. Access must be modified when roles change or immediately terminated if separation occurs.

n Ensure applications, software, and devices are up-to-date. Routine patching and security updates, including software, hardware, and operating systems for information systems and devices, are critical to network security.

n Engage in CyberSafe learning opportunities. Cybersecurity training improves an employee’s ability to identify evolving cybersecurity risks and stop cyberthreats before they occur.

To learn more about cybersecurity, visit the CyberSafe at USPS® site at blue.usps.gov/cyber.