We’ve talked about this a bit before, but it always bears repeating. Human beings are nearly always at the centre of any data breach. Human error has been cited as the single biggest factor in major security breaches, over and above hacking or malware attempts. So that sort of brings up the question – can we actually have effective data protection policies while human beings are involved?
According to information gathered by the Information Commissioner’s Office, human error is cited as the main cause of reported data breaches (and an even greater number of the unreported ones). Of the incidents reported, human error in one form or another accounted for 62% of breaches in 2016, with that number expected to rise this year. More than that, human error is also cited as a top cause of inaccuracies in data and paperwork, causing businesses a lot of problems in identifying and correcting mistakes. And while it might be easy to point to the big examples of data breaches on a massive scale (think of the Uber breach that was recently exposed), breaches rooted in human error are happening on a daily basis. Sometimes the results are small or even unnoticeable. And sometimes, they are devastating.
Could it really be that the thing that’s holding us back isn’t the technology or its capabilities, but the human element?
The Cost Is More Than What You Lose
There are a number of things that happen when your business data is breached. If you’re lucky, you won’t see too many negative effects on the business, but if you’re unlucky then you could be out thousands to fraudsters and hackers. But the cost doesn’t stop there. The problem is, unless business owners and employees understand the legislative framework, the level of risk to their business and how that affects what they do every day, staff will never understand the true cost implications to the business. So we’re here to rectify that.
The introduction of compulsory breach reporting, coupled with a significant rise in the maximum fines for data breaches (increasing from £500,000 to a maximum of €20m or, if higher, four per cent of global turnover) means that data could actually become a toxic asset – the equivalent of asbestos for the 21st-century digital age. Historically, significant fines have been issued where employees have not wiped hard drives in accordance with the correct policy, and then sold those hard drives on eBay. Some of those hard drives have been proven to have contained highly sensitive material, from the medical data of several thousand patients to credit card information. The issues extend beyond handling old machines too. There have been recorded cases of fines issued because emails containing details of child abuse proceedings have been sent to the wrong email address, and these fines will only increase under the new regime of compulsory breach reporting and heftier fines.
At Greenaway, we believe in data security. Because of the way data is still handled within businesses, paperwork still presents not only a compliance risk, but a significant risk to data security as well. And human error is rife in paperwork. Paperwork can get lost, be stolen or simply thrown away when it’s not meant to be. At Greenaway, our shredding consoles and outsourced services are designed to help businesses understand and manage their paperwork security risks, from the moment the paperwork becomes obsolete to its ultimate destruction. For more information, just get in touch with the team today.