Could bored employees be the biggest risk to data security?

At Infosec Europe 2017, a snapshot poll from Centrify revealed that distractions and boredom are the main causes of human error in the IT industry, according to more than a third of sector leaders.

Also, over half of the IT leaders said that businesses will eventually trust technology enough to replace human operators, putting technology in charge of comprehensive data security to prevent breaches.

Similarly, according to an article from the Harvard Business Review, the biggest risks to a business’ data security are in fact its employees. The article identifies carelessness as one of the main risks to data security.

Therefore, to ensure regulatory compliance, businesses need two things: firstly, robust data management policies, including the processing, storage, disposal and destruction of data.

Secondly, those at the top of the business need to focus on educating employees about data security, ensuring that everyone is aware of the benefits of good data governance and how it can benefit the business.

While technology may be in the driving seat for the automation of data management, data processing and data input in the future, it does not change the fact that businesses need data policies and data security to be driven and validated by human beings. Technology alone is useless: all it does is provide the means to manage data efficiently and at scale.

Without the necessary variables or boundaries set by humans, technology will not be able to operate in a regulatory compliant manner – or continue to meet the changing needs of a business.

With the new General Data Protection Regulation (GDPR) fast approaching, the need for structured, consistent and reliable data security processes is critical for all businesses. Businesses need to realise the importance of having a robust, end-to-end process for the entire lifecycle of data assets – from cradle to grave.

Post May 2018, any data security breaches could result in hefty fines for businesses – maybe even putting that business in severe financial difficulty. Business leaders would be wise to invest in their employees now and educate the entire workforce on data compliance, data governance and data security practices under GDPR.

Top tips to ensure complete data security

1. Educate everyone on data management policies: Everyone from the top down needs to be educated on data management, data disposal and data protection. More importantly, the workforce needs to understand how these data security practices can actually benefit the business and not hinder it. For example, data governance tools can help establish clear accountability for the management of data across the entire business, as well as enable employees to measure the impact of good data practices.

2. Provide consistency: Data management, processing and destruction policies need to be consistent and enforced. This will be easier to achieve by getting buy-in from key business influencers. These people might not be senior management, but employees at all levels who have an influence on their colleagues. Invest time into educating and supporting these key business influencers and empower them to become the champions of good data security practice – and all of your employees will follow.

3. Clear and repeatable processes: Once the policies have been agreed, they not only need to be readily available for anyone who wants to find out more, but also clear and easy to understand. Data disposal processes should be mapped out clearly, step by step if necessary, and in a manner that meets regulatory compliance. This is made much easier if businesses can use technology to support employees on the road to compliance, guiding them through the necessary processes and ensuring that the necessary data security checks are in place.

4. Know your regulatory compliance: Any new policies and data security activity need to be introduced in line with the highest industry regulations, for example, the Data Protection Act (DPA) or, in the future, GDPR. In the UK, there are key rules governing data protection and waste management. Ensure your data destruction and disposal solution is compliant with these standards – especially if it is managed by a third-party partner; it is your responsibility to ensure that they are reputable and compliant.

It is also worth considering having a team of specialists within the business who are up-to-date on data protection laws and can regularly impart their knowledge to the rest of the business. Depending on the type and size of your organisation, you may be required, under GDPR, to employ a Data Protection Officer to ensure the latest industry regulations are enforced.

Secure data management

The use of technology will be crucial to the long-term sustainability of businesses. As the level of data processed and managed by any business continues to grow, there will be an increased need to incorporate software and hardware into the business’ data management and operating procedures.

Having this technology in place to support data security practices will ease the ‘compliance burden’ and allow employees to focus on their job, providing value to the business and customers alike.

However, technology is not a perfect solution, nor a silver bullet for any data security fears; rather, it is a tool to amplify existing data security, data management and data destruction processes.

With any use of technology, the education of the operator is a cornerstone to it being efficient and delivering value – and employees working in tandem with technology is essential for continuous and secure data management.

Sourced by Steve Inglessis, Commercial Director at DataRaze

Nick Ismail

Nick Ismail is the editor for Information Age. He has a particular interest in smart technologies, AI and cyber security.