Over the past year the number of data breaches reported by the Information Commissioner’s Office (ICO) totalled over 1,700. While most people may expect hacking to be a major player in this figure, the majority of breaches are actually due to internal errors, such as data sent to the wrong email recipient or people losing an unencrypted device.
Christmas is a period when this type of breach is often amplified. It’s party season and people are often out and about more. They also travel all over the UK and even the world to see relatives. It’s so easy to leave a smartphone on a train, a tablet in a bar, or to simply just be careless with the likes of passwords or when downloading and uploading apps and data.
During this high-risk period, it’s vital to understand how your employees view and use data and devices. Also, with 2015 around the corner, it’s prudent to plan your data strategy for next year. The following five employee typologies will guide understanding of the risk posed by your staff this festive period, while helping to inform your thinking for next year:
Staying connected is rule number one in this employee’s world. Going without WiFi, apps and social media is not an option and all personal and corporate information must be available in one place, at their fingertips. Corrupted or hacked, their device is a potential gateway into the business network and can leave data up for grabs.
Feeling spurned, troublesome or just looking for another way to make money, these employees are snakes in the grass. They will attempt to steal your company data straight from under your nose for malicious intent or personal gain.
The Gadget Man
There’s always that one person who has the latest gadget. Wearable tech and Google Glass are just some of their latest desires, which of course, they will own in a heartbeat. The result: a business is left grappling a snowballing number of devices and subsequently, a growing number of threats.
Every business has that forgetful employee that has ramped up a number of replacement work passes or lost their expenses receipts. But what might be a running joke in the office, can also cause major issues when this carelessness evolves into a lost device, personal documents left lying around or a misplaced USB stick.
This employee just can’t resist getting in that extra hour or two of work outside of the office. But by simply drop-boxing or emailing work to a home computer or saving it in the cloud can leave the data at risk in unsecure environments.
These characteristics have ramifications for strategies like Bring Your Own Device, storage of data, managing the internet of things and cloud computing. Only by understanding the risks posed by these interactions will businesses and organisations stay compliant and avoid crippling fines this Christmas and in 2015.
If data is lost by the Millennial, Gadget Man, Scatter-Brained or The Extra-Miler – the organisation is made fully accountable for not having a policy for the employee to fall in line with.
Only in the case of the Snooper will a business have a case for not being accountable – this is because they have intentionally breached policies. And with supporting evidence that they’ve enacted a thorough data policy, a company can successfully hold the employee to account and even look at criminal and civil proceedings.
To stay on the right side of the law, businesses will need to demonstrate three things. A data security policy that is clear and accessible. Data security training for employees that is relevant to the organisation and the individual. And there must be proper data protection software in place.
This will become even more pertinent when the proposed EU General Data Protection Regulation comes into force in 2017 – it will ramp up businesses’ responsibility for data security, increasing sanctions for mishandling it.
The message is this: Christmas is one of the riskiest times for data leakage, but it’s also the perfect time for IT departments to implement a robust policy and utilize software that will not only protect the business and employees in December, but will also work for 2015.
Every business will have Millennials, Scatter Brains and Snoopers in their ranks. But this strategy will ensure your business won’t become another data breach statistic, allowing you to enjoy Christmas time, without worrying about the ICO and data crime.