Human Errors: A Cybersecurity Concern and the Weakest Link to Small Businesses

Abstract

Cybersecurity is essential for all organizations, especially during this menacing Covid-19 global pandemic. The sudden transition of leaving the offices to work from home – the 'new normal' – has introduced information security-related risks associated with human factors. For example, both criminals and employees use the same platform for information exchange but with starkly different intentions. But both their actions compromise information and computer security. Criminals intentionally exploit systems to gain unauthorized access for their benefit, while employees make careless mistakes, leaving systems exposed and vulnerable. The present study examines human errors influenced by actions, attitudes, and behaviors that affect overall information security. Purposive sampling within the qualitative approach was used to select thirty (30) small business managers. Data was collected using a qualitative online survey as a Google Form. The study used thematic analysis. The results revealed that repeated human mistakes compromise information security principles and render employees the weakest link. The study explained the risks caused by employees due to ignorance or poor decision making, technical-related errors, and skills- and policy-based errors. Even though small businesses do not require a 'one-size-fits-all' security approach, recommendations to reduce human mistakes were made.