Online attacks and data hacks are rarely out of the news. But, despite the threat from cybercriminals, data released under the Freedom of Information Act reveals that human error is seven times more likely to cause data protection breaches than hackers.
Here at Cloud Geeni we’ve looked at some of the most common every-day risks when it comes to data privacy infringements. So, what can your business do to protect its operations, reputation and bottom line?
Today, more and more employers are allowing their staff to work remotely. And, while this has many benefits, removing personal and sensitive data from the office does generate additional data security risks. Merely leaving a laptop open when working on a train could result in a severe data breach. In fact, according to iPass, your remote/mobile workforce is the biggest threat to your business’s data security.
To help to prevent data loss or theft, you must put robust policies and procedures in place. Things like Two Factor Authentication (2FA), adequate password controls, implementing antivirus software, and the ability to quickly remove sensitive data from devices remotely (e.g. via a hosted desktop) can help to reduce the risk.
According to research, a whopping 94% of organisations have experienced either phishing or spear phishing attacks in the past 12 months. So, making sure that your employees know how to recognise such scams is vital.
However, criminals are getting more sophisticated, and sometimes it’s almost impossible to tell a fake email from a real one. As such, you should also look at how else you can improve your resilience against phishing. For example, by implementing anti-spoofing controls such as DMARC, SPF and DKIM.
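As an added illustration of what "implementing" those controls means in practice (this is not code from the original post), the script below parses constructed SPF and DMARC TXT records for a hypothetical domain, example.test, and flags settings that leave the domain open to spoofing: an SPF record ending in `+all` or `?all`, a missing DMARC record, a DMARC policy still at `p=none`, or no `rua=` reporting address. A real check would query DNS; here the records are embedded so it runs offline.

```python
"""Flag weak SPF and DMARC settings in DNS TXT records (offline, constructed data)."""

# Constructed TXT records for a hypothetical domain; a real check would query DNS.
WEAK_TXT = {
    "example.test": ["v=spf1 include:_spf.mailhost.test +all"],
    "_dmarc.example.test": ["v=DMARC1; p=none"],
}
HARDENED_TXT = {
    "example.test": ["v=spf1 include:_spf.mailhost.test -all"],
    "_dmarc.example.test": ["v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.test"],
}

def parse_spf(records):
    """Return the single SPF record, or None if absent or duplicated (RFC 7208 allows exactly one)."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None

def parse_dmarc(records):
    """Split a DMARC record into a tag->value dict, or None if no record starts with v=DMARC1."""
    for r in records:
        if r.startswith("v=DMARC1"):
            return {k.strip(): v.strip() for k, v in
                    (part.split("=", 1) for part in r.split(";") if "=" in part)}
    return None

def check_domain(domain, txt):
    """Return a list of findings for the domain; an empty list means no weak settings found."""
    findings = []
    spf = parse_spf(txt.get(domain, []))
    if spf is None:
        findings.append("SPF: record missing or duplicated")
    else:
        last = spf.split()[-1]  # the trailing 'all' mechanism decides how unlisted senders are treated
        if last in ("all", "+all"):
            findings.append("SPF: '+all' lets any host send as this domain")
        elif last == "?all":
            findings.append("SPF: '?all' is neutral, so spoofed mail is not penalised")
    dmarc = parse_dmarc(txt.get("_dmarc." + domain, []))
    if dmarc is None:
        findings.append("DMARC: record missing, so SPF/DKIM failures are never enforced")
    else:
        if dmarc.get("p") not in ("quarantine", "reject"):
            findings.append("DMARC: p=%s only monitors; use quarantine or reject" % dmarc.get("p"))
        if "rua" not in dmarc:
            findings.append("DMARC: no rua= address, so aggregate reports are lost")
    return findings

if __name__ == "__main__":
    for name, txt in (("weak", WEAK_TXT), ("hardened", HARDENED_TXT)):
        print(name, check_domain("example.test", txt) or ["OK"])
```

Running it reports three findings for the weak records and none for the hardened ones; the same checks can be pointed at your own domain's TXT records once DKIM signing is in place so DMARC has something to align against.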
Handling personal data
Without adequate security measures, it’s easy to see how printed information left on a desk could be viewed or stolen. But even unattended computers are a threat – because if someone sits at a desk other than their own, they could get access to data that they are not authorised to see. To protect your business from this threat, implement a ‘Clear Desk and Screen’ policy and ensure your employees abide by it.
If personal and sensitive data is not correctly disposed of, it can fall into the wrong hands. As such, your organisation should correctly destroy and get rid of all confidential waste (e.g. via a corporate shredding policy and media destruction service).
Unauthorised systems, apps and devices
Systems, apps and devices that are not effectively managed are vulnerable to attack. So it’s vital that you establish what devices and applications your employees can use. It’s also essential to prevent employees from installing unauthorised software onto their work devices to avoid the risk of malware, ransomware etc.
Also, where people are using their personal devices to access confidential info, you should create a BYOD policy to confirm what devices and applications are allowed to access your network, where and how that data can be accessed, and the consequences of breaching the policy.
According to the Information Commissioner’s Office (ICO), most security breaches happen because of distractions or mistakes. For example, it’s all too easy to send an email to multiple customers without using the blind carbon copy (bcc) functionality. But, if an employee allows the recipients of an email to see each other’s email addresses, you could face a data breach investigation.
Mistakenly attaching the wrong information to an email, and misspelling an email address and sending it to the wrong person are also common data privacy errors. In response, there must be strict policies and procedures in place to ensure the safe processing of information.
It’s not just online data you have to worry about: sticking the wrong address label on an envelope and posting it to the wrong person could also have serious consequences. So, when it comes to data protection, it pays to consider all the different ways you use and share data.
In many cases, data protection is not taken seriously, and human errors occur, because people do not understand their data protection responsibilities.
As such, your organisation must have an acceptable use policy (AUP) which spells out what is and isn’t acceptable when it comes to using digital technology.
In addition to creating an AUP, you should also ensure that all employees receive regular data protection training to make certain they understand the potential consequences of breaching data protection laws, understand the common threats, and are fully aware of the online safety rules and their obligations.