As technology in industry improves, many employees are being provided with more and more advanced devices and software to help create a more efficient workplace. From unified portals to mobile devices, employees are often given shiny new tools to work with all the time; but do they know how to use them safely?
A significant proportion of data breaches can result from employee mistakes: from accidental emails being sent, to uploading information online, and hackers targeting vulnerabilities to gain entry into customer databases. Cybersecurity experts have long identified employees as one of the weakest links when it comes to securing data in organisations.
Employees must learn!
Employees need to be educated on cybersecurity and learn how to use cyber tools without leaving ‘doors’ open to unwanted visitors, and they need to learn about the consequences that would follow in the event of a breach.
Countless times employees have breached data protection rules by accident: uploading personal data; losing login details; losing physical files; leaving information out; falling victim to phishing emails; downloading hidden malware; the list goes on… These can all expose personal data to criminals who can and will take advantage of any opportunity.
Preventable incidents
A lot of these incidents are entirely preventable and come about as a result of carelessness and ignorance. Employees often don’t realise the implications of their actions, which can cost their company – and themselves – a great deal of money.
In serious cases, employees can be dismissed and even imprisoned for a breach.
A worrying statistic reportedly shows that 1 in 12 people have access to confidential information they shouldn’t have. Too many organisations are perhaps not investing the time and resources to provide specific access for those with the necessary authorisation.
Telecommunications firms have previously been criticised for giving their employees access to full customer contact details, which can be deemed unnecessary.
Increasing trends of deliberate breaches
Cybersecurity researchers are noticing an increasing trend of employees knowingly breaking company policy on data security, whether out of curiosity or for personal reasons.
A number of NHS staff have recently been dismissed and fined for snooping on medical records belonging to friends and family – purely out of intrigue! Others may have more noble intentions, like taking work home without authorisation to finish up on it, but this can still put an organisation at risk in case the files are leaked or stolen.
Organisations often bring in extra training and warnings only after data breaches like this are discovered, as a post-response, when in reality data protection and education need to be implemented before a breach happens.
Will the new rules change things?
The General Data Protection Regulation (GDPR) is to be enforced in less than a year, bringing with it incredible powers to sanction companies that breach data protection duties.
Faced with a maximum fine of 20,000 Euros, or up to 4% of the company’s annual turnover (whichever is the larger figure), companies need to invest time and resources in educating their employees on the importance of data protection and how to uphold their responsibilities.
Or else suffer the consequences of having a stagnant data breach policy!