Recent blunders have shown that human error remains one of the most prevalent security and data protection risks for businesses of all sizes, regardless of how much money they invest in a security infrastructure, email encryption and secure data storage.
This week a high-profile example hit the headlines when an email error at the 56 Dean Street sexual health clinic in London exposed the names and email addresses of nearly 800 patients signed up to an HIV treatment newsletter.
The newsletter was sent to patients signed up to 'option E', which allowed them to book appointments and receive test results by email, but a staff member mistakenly sent the newsletter as a group email. It's a prime example of an avoidable data leak.
Another recent case was a third-party recruitment agency working on behalf of HM Revenue & Customs (HMRC) that unwittingly leaked around 300 email addresses of potential recruits in a group email.
HMRC said when contacted by V3: "This email was sent out by a third party acting on our behalf. No other personal data was displayed and we have told the agency to ensure that the technical problems that they experienced do not recur."
HMRC would not elaborate on the source of the leak or reveal exactly how many email addresses were leaked, saying only "about 300".
The incident, reported by The Register, came to light after a source claimed that their email address had been circulated in an email containing "nearly 500 other addresses" of other job applicants.
HMRC reportedly apologised for the error in response to the applicant's complaint. "This is not how we would have wished to communicate the outcome of the process and we would obviously like to rectify this," said the email.
But, as is often the case, the damage was already done.
An email gaffe at holiday company Thomson last month exposed the names, addresses and travel dates of up to 500 customers.
The error occurred on 15 August, and Thomson confirmed to V3 that it was aware of having wrongly exposed "a small number of customers' information".
"The error was identified very quickly and the email was recalled, which was successful in a significant number of cases. We would like to apologise to our customers involved and reassure them that we take data security very seriously," the company said in a statement.
"We are urgently investigating the matter to ensure that this situation will not be repeated."
However, human error does not just affect business. Numerous cases have proved that the government is just as vulnerable to the problem.
UK councils have recorded thousands of data breaches over the past three years, according to a report released by privacy group Big Brother Watch.
The report, compiled using Freedom of Information (FoI) requests, identified 4,236 incidents of sensitive data leaks between April 2011 and April 2014, a rate of almost four a day.
Big Brother Watch listed 628 instances of "incorrect or inappropriate" data being shared by email, letter and fax, 260 cases in which confidential data was lost, and 99 cases of unauthorised people accessing or disclosing data.
Security researchers agree that human error remains a major problem. "It is the simplicity of email that creates a challenge to security teams as it is so easy for them to be sent in error," said Tony Pepper, chief executive at encryption services provider Egress.
"In fact, an FoI request to the Information Commissioner's Office [ICO] at the end of last year showed that 93 percent of reported breaches were due to human error, so Thomson is not alone.
"Mistakes happen. It's a fact of life. Yet organisations need to ensure that they give employees the right tools to work securely, while providing a safety net should they make a mistake."
Luke Brown, vice president and general manager at Digital Guardian, agreed that human error continues to be a risk for business security and that businesses must put training in place to try and mitigate this risk.
"Human error is something that many organisations forget about when working with sensitive data, often to their detriment. It could be misplacing a USB stick or failing to conceal the recipients of a group email," he explained.
"Organisations should be prioritising data protection and aiming to combat human error so that simple mistakes like this don't happen again."
In many of these cases the ICO, which can enforce fines of up to £500,000 for serious data breaches, has become involved.
This should provide an extra incentive for anyone responsible for data protection to keep it secure at all times, even from the humans who are often supposed to guard it.