Data breaches are not always the work of outside hackers. In this case, and in many others, employees are responsible for causing the breach.
It’s a point that must be reiterated, as some people are unaware of the actual statistics. In one example, a former employee took more than 10,000 records with him when he left a company in November 2015, triggering a breach of monumental proportions.
Nature of the data breach
The former governmental employee took over 10,000 records by copying the data onto two pen drives, and regulators notified the government of the ‘major security incident’. A review of the breach took place in August 2016 following a change in policy that prevented employees from transferring information onto a removable drive unless approved by a supervisor.
This is a clear data breach and potentially puts thousands of people’s personal data at risk.
Investigation
The authority responsible for investigating the matter classified the unauthorised access as a ‘major incident’ but went on to say that there was no evidence to suggest that the information had been disclosed to the public or misused in any way.
Although the investigation team gives its assurances, the case goes to show that data breaches can happen anywhere, at any time, and by anyone. Many individuals are vulnerable to these ‘insider jobs’, and it’s a scary thought that many could have unauthorised access to our personal data. If organisations like the government cannot adequately secure our personal data, who can?
Although the data breach was apparently not high risk to the government, in practice, it still highlights the fact that companies and organisations are not doing enough to prevent unauthorised access to personal data, leading to data breaches. This may not be an isolated event – investigators highlighted the data transferred by the former employee, but there is shortly going to be a review of other files.
Policies to secure our personal data
It begs the question – will our data ever be secure? The stark truth is probably not.
If companies and organisations do not have stringent data protection procedures in place, the risk of a data breach increases.
It is no use for companies and organisations to be reactive about data protection; in our view, they should always be proactive and on guard. Policies and technical safeguards have been implemented in response to the ‘major incident’. These policies and safeguards will probably never be 100 per cent foolproof. Somewhere down the line, employees, organisations, or even outside cyber-hackers may circumvent these rules. In response to this, greater penalties should be imposed.
Data protection necessary now more than ever
Data breaches have spiked in recent years, which could be due to a number of problems, but the one that arguably contributes the most is the lack of enforced cybersecurity measures and procedures. By having a relaxed attitude towards data protection, businesses and organisations are effectively allowing personal data to be accessed by unauthorised persons, whether insiders or otherwise.
Until businesses and organisations buck up their ideas and seek to implement maximum security protection, personal data is at risk of unauthorised access, whether lost or stolen. This highlights the digital era that we are in, one that questions the security of our personal data.