Staff awareness is central to an organisation's ability to secure its information assets. Human error accounts for a large and growing share of reported data breaches, so an organisation that wants to remain GDPR-compliant must invest time and resources in training staff in data security best practice.
As seen in the table below, recent data breach notifications show that contact information is the category most commonly lost or stolen, with financial details the next most common.
Where a breach was caused by human error, the most frequent cause is personal information emailed to the wrong recipient.
Such data breaches are easily preventable with the right training and awareness programs in place.
While data protection regimes such as the GDPR have seen executives and ICT departments prioritise privacy, there is often a disconnect when it comes to non-technical employees.
Many organisations have no training programme covering how staff should collect, share and store personal data securely. Simple measures such as email encryption, encrypted file transfer or the use of secure project collaboration tools can make a big difference.
All too often, data breaches occur because staff have prioritised convenience over security. Using personal email accounts or messaging applications to share company documents puts the organisation at serious risk. Such behaviour risks unauthorised access, disclosure or loss of personal data, and could leave the organisation liable for a data breach under the GDPR.
Some of the most common human errors that lead to data breaches include:
- Data sent to the wrong email recipient
- Accidental disclosure to an unauthorised person
- Loss of paperwork or storage device
- Failure to use Bcc when emailing multiple external recipients, disclosing their addresses to one another
Maintaining information security should not come at the expense of convenience. Organisations need to provide employees with the tools they need to work efficiently without compromising data security or putting the organisation at risk of violating GDPR requirements.
This can be achieved by providing encrypted email, messaging and file transfer systems. Encryption protects data in transit and at rest, but not against a message being addressed to the wrong person; that class of error is what data loss prevention (DLP) platforms target, by scanning outgoing emails and attachments for sensitive content and flagging unexpected or incorrect recipients before the message leaves the organisation.
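To make the DLP idea concrete, the following is an added example written for this page, not the code of any DLP product or of the organisation described. It implements the three checks that map to the human errors listed above: financial data (Luhn-valid card numbers) leaving the organisation, a recipient domain that looks like a typo of a known domain, and too many external addresses exposed in To/Cc instead of Bcc. The domains, thresholds and sample messages are constructed for the example; a real deployment would take the internal and partner domain lists from directory or mail-gateway configuration.

```python
"""Illustrative outbound-email DLP check (added example; not a vendor's product).

Rules, matching the human errors listed on the page:
  1. financial data in the body or an attachment sent outside the organisation,
  2. an external recipient whose domain looks like a mistyped known domain,
  3. many external addresses visible in To/Cc rather than Bcc.
All domains, thresholds and messages below are assumptions made for the example.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

INTERNAL_DOMAINS = {"example.org"}                      # assumption: the organisation's own domains
KNOWN_DOMAINS = INTERNAL_DOMAINS | {"partner.example"}  # assumption: domains staff regularly mail
MAX_VISIBLE_EXTERNAL = 5   # assumption: more external addresses than this in To/Cc should be Bcc'd
NEAR_MISS_DISTANCE = 2     # edits at or below this from a known domain count as a likely typo

# Candidate card numbers: 13 to 19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


@dataclass
class Message:
    sender: str
    to: List[str]
    cc: List[str] = field(default_factory=list)
    bcc: List[str] = field(default_factory=list)
    body: str = ""
    attachments: Dict[str, str] = field(default_factory=dict)  # filename -> extracted text


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to separate real card numbers from other digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; cheap enough for comparing domain names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def find_financial_data(text: str) -> List[str]:
    """Return a description of each Luhn-valid card number found in text."""
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(f"card number ending {digits[-4:]}")
    return hits


def check_message(msg: Message) -> List[str]:
    """Return human-readable findings; an empty list means the message may be sent."""
    findings = []
    visible = msg.to + msg.cc
    external_visible = [a for a in visible if domain(a) not in INTERNAL_DOMAINS]
    external_all = external_visible + [a for a in msg.bcc if domain(a) not in INTERNAL_DOMAINS]

    # Rule 3: external addresses disclosed to each other via To/Cc.
    if len(external_visible) > MAX_VISIBLE_EXTERNAL:
        findings.append(f"{len(external_visible)} external recipients in To/Cc: use Bcc")

    # Rule 2: recipient domain a few edits away from a known domain, but not equal to it.
    for addr in external_all:
        d = domain(addr)
        for known in KNOWN_DOMAINS:
            if d != known and edit_distance(d, known) <= NEAR_MISS_DISTANCE:
                findings.append(f"possible mistyped recipient {addr} (did you mean {known}?)")

    # Rule 1: financial data leaving the organisation, in the body or any attachment.
    texts = [msg.body] + list(msg.attachments.values())
    sensitive = [h for t in texts for h in find_financial_data(t)]
    if sensitive and external_all:
        findings.append(f"{', '.join(sensitive)} addressed to external recipient(s)")
    return findings


if __name__ == "__main__":
    # Constructed sample: a typo in the recipient domain plus a card number in the body.
    m = Message(sender="bob@example.org", to=["alice@exampel.org"],
                body="Card on file: 4111 1111 1111 1111")
    for f in check_message(m):
        print("BLOCKED:", f)
```

In practice a check like this sits in the outbound mail gateway or mail client plug-in and either warns the sender or holds the message for review. The near-miss rule is deliberately a warning rather than a block: a distance of two catches transposed letters but will occasionally match a legitimate, similarly named domain.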
Getting staff and technology to work together is essential if an organisation is to achieve and maintain GDPR compliance. With the right education and training, as well as the right tools, every organisation can improve its data security.