Real Life: Human Error Most Likely Downfall For IT Systems
We spend a lot of time talking about how to protect your IT systems, preventing incidents, hacks or leaks. In fact, the technology is now so good at this job that the majority of big IT and data issues experienced by the companies who take security seriously are the result of human error. In fact, of the 335 of data breaches between April and June this year, 175 (that’s just over half) of them were attributed to ‘human error’. This is largely because humans, unlike machines, cannot be programmed and do tend to make mistakes. Case in point – last weeks’ escapades with an NHS email.
What Happened To The NHS?
On the 14of of November, one person within the NHS IT department made a fatal error. While testing the email system after some complaints about accounts being slow or having issues, they sent out a test email. Unfortunately, rather than sending this out to just the affected accounts, a bug in the system meant it was sent to all the NHS’s staff in England. All 840,000 of them. Moments after hitting the send button the technician realised what had happened and their mistake in not checking the addresses before sendig, but the mass action had already started to clog up the system. The problem was exacerbated by thousands of users who received the email hitting ‘reply all’ and asking to be unsubscribed. Although the distribution list was disabled within an hour, users continued to have problems with the system. All in all, it’s estimated that nearly 200 million unnecessary emails were sent in the first 4 hours, with more being sent throughout the day as colleagues begged to be taken off the list and have their email returned to normal.
While this might seem like a harmless, if slightly annoying, mistake, it could have very serious consequences. While many NHS staff were just frustrated with their emails, others were unable to send or receive crucial information. One doctor commented ‘My NHS email is very important to me because it’s the only secure way I can send and receive anything safely about my patients. So, this is a major problem [and] potentially a risk to patients.’ Because the system is principally used by GP surgeries and community care workers, thousands of healthcare professionals who rely on their emails to exchange vital patient information were left stranded and unable to access the data they needed.
Learning From Other’s Mistakes
But there is a bright side. The NHS essentially carried out a DDoS (Distributed Denial of Service) attack on themselves, exposing a weak point in their secure mail server that has now been fixed. Other companies and IT providers can now use this high-profile mistake as a way of ensuring the same thing does not happen to them, providing better service to their employees and customers. When it comes to IT there is always value in learning from the mistakes of others, and this simple mistake that combines a system bug with human error is a huge eye opener. Bugs in systems do happen, but often the effects are amplified by simple human error. To reduce the amount of ‘human error’ incidents, you need to have good systems in place and a highly educated IT engineer who can deliver the right training to other employees.
Not sure if your systems can stand up to bugs? Do your employees understand how to avoid making basic mistakes that could snowball into disaster? If not, get in touch with us today for consultation, system analysis and training.