Report exposes lack of sufficient data security amongst employees
Research published by Egress has exposed that employees are the biggest threat to an organisation's data protection obligations showing that attitudes and practices when using and sharing personal information are significantly lacking.
The Insider Data Breach Survey 2019 found that 95% of IT leaders acknowledged that insider threats were a serious concern within their business while 55% of employees stated that their company did not provide tools to enable the secure sharing of personal information.
Kingsley Hayes, managing director at data breach and cybercrime specialist Hayes Connor Solicitors, said: "The research shows that nearly all IT leaders recognised that staff are potentially the weak point with regards to protecting customers' private data. It is therefore disappointing that more than half of employees have said that they are not provided with robust systems to facilitate the safe sharing of personal information.
"The report also highlights that there is still much needed with regards to educating everyone who handles customer data within a business to ensure that there is a clear understanding of how and why that information has to be handled with care.
"It is concerning, but perhaps not surprising, that more than a quarter (29%) of employees believed that they had personal ownership of the data they worked with. Nearly a third (32%) of the employees surveyed also said that they would consider taking company data with them to a new job.
"This shows a serious gap in employees' understanding of the importance of data security, the risks involved and sense of accountability if that information is breached either by accident or a deliberate act.
The survey found that more than two fifths (44%) of employee linked data breaches were caused as a result of a lack of awareness; more than a third (36%) due to a lack of training on security tools and more than a quarter (27%) because of a lack of robust security being in place.
Kingsley Hayes continued: "While there is evidence that more businesses are taking data protection seriously, the research shows a distinct disparity with employee attitudes and behaviour. Many organisations will be investing resources in implementing robust cybersecurity systems however, the arguably greater risk of human error appears to be overlooked.
"Staff should not only be regularly reminded and trained on the importance of safely storing, processing and sharing personal information, but also supported with the right systems and culture to facilitate best practice protecting not only an organisation's customers, but its reputation and bottom line."
Hayes Connor Solicitors was recently appointed as data protection supplier to the Communication Workers Union.