Data privacy is a non-negotiable in today’s workplaces, but it can be complex and difficult to implement and monitor – meaning not all organisations are up to scratch. In some cases, confidential data might even fall into the hands of cybercriminals without anyone even knowing. Consumer and employee data is a growing motivator for hackers and virtual intruders, and according to the Office of the Australian Information Commissioner, within the last year there has been a 700% increase in data breaches in Australia.
Ben Wonson, Principal Consultant at KJR, speaks on the importance of keeping data secure. “Having good security practices is important to maintain the trust people give your company” – with the amount of data people might not even know they’re giving to an organisation, keeping it secure is simply “an employee’s responsibility as a good corporate citizen”. As it stands, many Australian organisations haven’t properly prepared for data theft and are open to a breadth of cyber threats.
Even with cybersecurity measures taken to avoid intruders, risks can still be present in the workplace simply through human error. As a direct result of employee actions, data can leave the organisation and become exposed in the public domain without staff even recognising what they’ve done.
Here’s a look at some common workplace mistakes that open the door for data breaches.
Security certificate failures
When companies handle their sensitive data through a corporate website, it’s necessary for the data transmission to be encrypted. Sylvia Choa, KJR Cybersecurity Principal Consultant, explains, “to facilitate a trusted connection, most companies obtain security certificates which uniquely identify them as a trusted entity”. After all, there’s no point having encrypted communication when you’re not sure who you’re connecting with.
If a certificate expires, however, “the protection that comes with it will vanish” – meaning the encrypted connection won’t be available. When security certificates aren’t in place or aren’t renewed in time, data can be transmitted in an unencrypted form. Consequently, company websites can be compromised – meaning data breaches become more likely.
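One way to catch a lapsing certificate before it expires is a scheduled expiry audit. The sketch below is an added example, not part of the original article: the host names, dates and the 30-day renewal window are constructed assumptions, and `fetch_not_after` is a hypothetical helper for reading the expiry date from a live site.

```python
import socket
import ssl
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # assumed renewal threshold; set this to your own policy

def days_remaining(not_after, now):
    """Whole days until the certificate's notAfter time (negative once expired)."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days

def classify(not_after, now, window=RENEW_WINDOW_DAYS):
    """Return EXPIRED, RENEW (inside the renewal window) or OK."""
    left = days_remaining(not_after, now)
    if left < 0:
        return "EXPIRED"
    return "RENEW" if left <= window else "OK"

def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from the certificate a live server presents.

    The default context verifies the chain, so an already expired certificate
    raises ssl.SSLCertVerificationError; treat that as a failed check.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

def audit(inventory, now):
    """Return (status, host, days_left) tuples, most urgent first."""
    rows = [(classify(na, now), host, days_remaining(na, now))
            for host, na in inventory.items()]
    return sorted(rows, key=lambda row: row[2])

# Constructed inventory: notAfter strings in the format getpeercert() returns.
SAMPLE = {
    "portal.example.com": "Mar  1 12:00:00 2024 GMT",
    "shop.example.com": "Jun 20 12:00:00 2024 GMT",
    "intranet.example.com": "Jan 15 12:00:00 2025 GMT",
}
SAMPLE_NOW = datetime(2024, 6, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed "today"

if __name__ == "__main__":
    for status, host, left in audit(SAMPLE, SAMPLE_NOW):
        print(f"{status:8} {host:24} {left:5d} days")
```

In production, build the inventory by calling `fetch_not_after` for each public site and pass `datetime.now(timezone.utc)` as `now`.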
Emailing confidential data to external accounts
As Ben explains, “human error comes into play when, unawares, an employee emails or sends sensitive information to an external address or uploads it onto their cloud storage services without the proper security measures in place”. This means data is sent out of the organisation with the risk of it being shared further through secondary, less secure sources. An employee might upload customer data onto their Dropbox account, for example, which may be connected to their phone or personal computer. The risk this poses for a company’s security is exponential. A lost or stolen phone can provide direct access to corporate data. A personal computer might be more easily hacked, being outside a corporate network and without protection from malware. Similarly, a personal Dropbox account can be compromised if suitable password practices haven’t been maintained.
This is a very common occurrence of human error in the workplace – which is why most mature organisations have content filtering systems installed to prevent access to external services. They also tend to educate staff on the risks of using such services to further prevent human error.