Prevent data breaches with the people-process-tech triangle

March 6, 20184 Minute Read

Select article text below to share directly to Twitter!


Data breaches have surged in volume, severity, and prominence over the past several years, with businesses across all industries leaking information faster than sinking ships. When your ship starts to take on too much water, your IT team will feel ready to cry SOS at any given moment. But it’s hard to know how to prevent data breaches and keep track of the best ways to do so when your news feed is constantly crammed with report after report of new, devastating hacks.

Let’s take a quick look back at the biggest hacks over the last few years: Sony experienced a devastating cyber attack in 2014 that released sensitive, private information into the wild; 32 million users on Ashley Madison had their data exposed as hackers blackmailed the company in 2015; and in 2016, in the most alarming example of how damaging data breaches can be, the Democratic National Committee was hacked in an effort to influence the outcome of the US election.

Clearly, how to prevent data breaches needs to be a top priority for any organization, whether it’s public or private, big or small, a purveyor of cheeseburgers or a seller of luxury clothing. No one is immune from cybersecurity threats, and unfortunately, there are no silver bullet solutions. But the best way to prevent data breaches starts with hitting all points on the people-process-technology triangle.

Familiarize yourself with the people-process-tech triangle

The concept behind the people-process-technology triangle is that multiple factors—or really, types of factors—contribute to the success or failure of IT initiatives. People, of course, refers to the stakeholders in a project, from the leaders at the top to the employees at the lowest level, as well as factors like training and company culture. Humans have the power to make decisions that promote cybersecurity, but they can also make mistakes that create vulnerabilities, providing hackers a way in.

Process refers to the measures in place to guide people—standards, protocols, rules, policies, and structures that reduce the likelihood of human error and promote productivity and efficiency. “Without process […] the people don’t know what to do. Without process, there is no right way to implement technology,” security expert Ira Winkler writes in Computerworld. The third side, technology, refers to the actual products and services deployed to keep hackers at bay, such as firewalls and anomaly detection systems.

In thinking about how to prevent data breaches, each one of these sides is critically important. If one side is weak, the others crumble. Comprehensive educational campaigns on cybersecurity best practices won’t matter if people don’t have up-to-date technology tools or if every employee does their own thing when it comes to protecting their data. The most sophisticated technology will fail if people don’t use it properly or make preventable mistakes. On top of that, clearly outlined processes will fall short without buy-in from the people who need to adhere to them or tools that can compete against sophisticated attacks. Every side is dependent on the support of the others.

Learn how to prevent data breaches

Printers with built-in security features are a great example of why the people-process-technology triangle works, especially when considering how to prevent data breaches. According to a survey sponsored by HP on Spiceworks, printers are a major—yet often overlooked—source of vulnerabilities, right down to the print queue. The numbers don’t do any sugar-coating: While 83 percent of respondents utilize network security on computers and 55 percent on mobile devices, only 41 percent prioritize network security on their printers. When it comes to endpoint security, that number shrinks to 28 percent.

People, process, and technology all contribute to printer insecurity. A lack of employee awareness creates an insider threat—and since printer security is often overlooked, most organizations’ security policies fail to include the security of network-connected printers.

Printers with built-in security features help address the technology prong. For example, HP printers come with self-healing security features and include embedded protections against viruses and malware. While a step forward, these security capabilities only represent one side of the triangle. You’ll want to couple use of the printers with security best practices, like user authentication, encrypting data as it goes to and from the printers, and ensuring sensitive or classified documents aren’t left around in trays.

Address the people problem

While technology and process are controllable factors, people are not, which is why Michael Howard, HP’s chief security advisor, believes that humans remain the largest data security vulnerability.

“Without security being top of mind, clicking links from unknown senders or downloading a coupon seems harmless,” he wrote. “Holding the door open to allow an unknown person to follow you into the building seems courteous. But these seemingly innocent activities introduce risk. When IT isn’t actively sounding the alarm, employees aren’t actively protecting the business.”

In thinking how to prevent data breaches, employees and security professionals need to work together. Employees must exercise caution when clicking on emails, using the tools at their disposal, and following security guidelines and encryption policies. You can promote best practices by implementing awareness campaigns within your business, rewarding good behavior, sharing the impact of the losses, and demystifying IT.

Ultimately, all three sides of the triangle are important, but reinforcing the people side requires constant vigilance and constant action. Technology has to be balanced with security-aware employees and effective processes.

  • Recommended for you
  • Recommended for You