Why the COVID-19 outbreak might lead to more data breaches
At Hayes Connor Solicitors, we've received thousands of enquiries from people who have suffered as a direct result of a data breach. Cybercriminals cause some of these cases. But, in many instances, seemingly small mistakes are bringing misery and upset to people across the UK. In fact, despite fears about cybercrime, human error is seven times more likely to cause data protection breaches than hackers.
As businesses navigate the coronavirus crisis, many have responded by increasing home working. But, at this challenging time, it is highly likely that organisations will suffer more mistakes and more data breaches. And there are two key reasons why.
1. In the rush to get up and running, some companies have not implemented appropriate security measures
The vast majority of data breaches happen because of inadequate security processes. Even when a privacy violation occurs as the result of a hack or other form of cyberattack, a lack of robust safety measures is usually to blame. Organisations that have not invested the time to protect their data are leaving the door open for criminals to exploit.
The impact of the coronavirus crisis will be far-reaching, and long-term commercial survival will rely on the ability of organisations to quickly adapt working practices to keep staff and customers safe while maintaining business as usual. So, as we all adapt to the new normal, businesses that haven't yet reviewed their data security - especially for mobile workers - must do so.
Things businesses must look at urgently include:
- Reviewing data and security processes. Because once organisations know what they are dealing with, they can document the controls they have in place and evaluate any potential risks
- Establishing where improvements are needed and putting the necessary security measures in place. For example, appropriately limiting remote access to files and information and encrypting personal and sensitive data
- Implementing/updating their mobile working policies.
In addition, organisations should also consider things like penetration testing, prompt attention to updates and patches, on-going maintenance of cybersecurity systems, and making sure that there are swift response protocols in place should data become compromised. Furthermore, for businesses that are using apps and other technology to work remotely, they must scrutinise third-party integrations to assess any potential impact on security.
2. People make mistakes. Even more so when they are worried and stressed
People are the biggest cause of data breaches. And, at a time when we are all feeling more anxious than usual, it is to be expected that mistakes will happen. And indeed, that they could increase; especially in situations where appropriate homeworking procedures haven't been established.
Common causes for data violations include:
- Information being sent to the wrong recipient
- Loss of theft of paperwork
- Failure to redact data
- Failure to use bcc when sending an email
- Unencrypted devices being lost or stolen.
Also, employees often fall victim to cyber scams that inadvertently allow criminals to access their employer's systems. In March 2020, coronavirus-related fraud reports increased by 400%, and, when people are already anxious, they could be more susceptible to fraud. So, everyone must be on their guard during the current pandemic - and beyond.
One of the most important things an employer can do to reduce the risk of a data protection failure is to carry out training. This is vital to ensure that all staff are aware of the risks - and that they feel more confident when working from home. And now is the perfect time to introduce a remote training programme.
The bottom line is that organisations are still responsible for data security. And if they do not take this obligation seriously, they will be liable for any work-based privacy errors - regardless of where that work is taking place.
Data protection is essential during the COVID-19 pandemic. And beyond
Today, technology is making it possible for businesses to adapt to employees working remotely. However, being mindful of potential data protection risks, and quickly implementing appropriate security measures, should be front of mind.
For more information on how to keep your data safe, follow us on TwitterandFacebook. Alternatively, if you have been the victim of a data breach, pleasecontact usto find out how we can help. Our initial advice is completely free, and there is no obligation to process.
 Freedom of Information Act Request 2017/2018