Why pension companies should prioritise GDPR training


The changes to our working world due to the Covid-19 pandemic have brought positives and negatives. While it has undoubtedly been a scary and stressful time, many of us have found that we enjoy working from home, being able to achieve a better work/life balance and spend more time with our loved ones.

That said, remote working also presents challenges, both for employees and their employers. One area of particular concern is data protection, with the rapid switch to homeworking risking creating the perfect environment for data breaches.

A data breach survey, commissioned by experts Hayes Connor solicitors at the end of 2020, demonstrates the extent of the problem. They asked UK office workers a number of questions about how their companies conducted themselves both before and after the first lockdown.

It revealed some shocking statistics, including: two in three employees who printed documents at home disposed of them in their household bins; one in five have received no GDPR training for handling company data or cyber security since working in their company; and one in five UK employees received no data protection guidelines while working from home during lockdown.

Clearly, despite remote working, company owners are still not doing enough to avoid data breaches. Thus, they are leaving their customers open to having their data stolen, and their lives turned upside down.

There’s no doubt that technological advancements are moving far faster than we can handle. Alongside these advancements, hackers and scammers are exploiting companies’ inability to keep up with these changes. This leaves many companies open to data breaches through theft of sensitive data.

That said, complicated cyber technology and encryption aren’t always to blame for data leaks. The truth is, human error is the cause of 95 per cent of data breaches, and the evidence shows that this problem is growing as a result of remote working during the COVID-19 pandemic.

Human error data breaches can occur in a number of ways. Some examples include: home workers’ laptops being left unlocked for household members to see; documents being left where they shouldn’t be, for example in clients’ houses or offices, or on public transport; careless email practice; and home workers throwing sensitive documents in their home bins for anyone to see.

These may seem like very innocuous examples, but the reality is that mishaps like these can have drastic consequences.

Now that we know the main cause of data breaches, the real question is why should pension companies invest time and money into avoiding them? The truth is, it is likely to cost your company even more time and money in the long run through Information Commissioner’s Office (ICO) fines, extensive lawsuit costs, destruction of brand image and reduction in customer loyalty.

The statistics and information above clearly show that some of the most basic steps are being ignored by company owners, which is putting them at major risk of a data breach. The truth is, these breaches are completely and utterly avoidable with the correct training and processes in place.

Some training ideas include: training employees on the consequences of a data breach so they understand the gravity of it all; emphasising the importance of protecting client data from the get-go; how to handle data, both inside and outside the office and home; and proper email sending procedure, which should include checking and double-checking email contents, recipients and attachments before sending.

Further training can also help, covering: how and why to set up secure passwords; recognising malicious scam attempts via email, text, invoices, and in person; not using work devices for personal use; how and when to use the anti-malware systems, secure networks, and other complicated cyber software and encryption; where to save documents; the importance of updating any apps and devices when prompted; and what to do if cyber security measures fail.

As you can see, there are a huge number of ways that pension companies can avoid a data breach caused by human error. The question is, are you willing to invest the time and money into the business now to avoid the consequences later?