Will Your Staff Cost You Millions in Data Breaches?

Financial services organizations have never been more at risk of data breaches. A recent report by RPC found that the number of data breaches reported by UK financial services firms increased 480% in 2018, with the retail banking sector seeing the largest relative increase in data breaches. A wider report by DLA Piper found that European companies suffered 60,000 data breaches in the 8 months following the GDPR laws coming into force, equating to one every 5 minutes.
The reports certainly seem to be reflected in the media, with UK banking institution Metro Bank reporting a sophisticated data breach in February 2019 whereby hackers intercepted text messages to gain access to bank accounts. Meanwhile, credit reporting firm Equifax reported that as many as 400,000 British accounts and 143 million U.S. accounts were compromised in a data breach in 2017 because one employee failed to heed security warnings and did not ensure the implementation of software fixes that would have prevented the breach.
This reflects an often overlooked truth about data breaches: although cyber attacks receive more attention in the press, it is more often human error or simple negligence that results in data breaches.
The Information Commissioner’s Office revealed in their yearly financial report for 2017/18 that 4 of the 5 leading causes of data breaches could be attributed to human error.

  • Data sent by email to incorrect recipient
  • Data posted/faxed to incorrect recipient
  • Loss/theft of paperwork
  • Failure to redact data

Human beings are inherently flawed, and the mistakes of an individual can jeopardise the entire business. Given the reputational and financial implications at stake, it is imperative that fintech directors understand which areas of the business are the most liable to cause a data breach.

Remote Workers

One type of employee who can put the wider business at risk is the remote worker. Telecommuting is an increasingly common working arrangement whereby employees are occasionally permitted to work from home, which has led to around 70% of people globally working remotely at least one day a week.
However, remote work carries additional security risks. An employee working with a company laptop in a coffee shop might be using a Wi-Fi network that is not secure, allowing even basic hackers to gain access to private company data. Additionally, few employees can avoid using paper files, and these confidential documents can quickly become lost or stolen in public places.
Employers should therefore clearly outline their remote employees’ responsibilities regarding confidentiality and data protection. They must also establish remote working security policies that remove the scope for costly mistakes, such as by specifying that all file downloads should be work-related. Other advisable policies include implementing device monitoring, rigorous password protection and asking that devices and files are only used in specific locations with secure Wi-Fi networks.

Administration department

Another vulnerable area of any business is the administration department. Responsible for a business’ financial planning, record keeping and logistics, an administrator is often the backbone of an organisation. An administrator’s role is therefore crucial for avoiding a data breach: if any of their responsibilities are performed incorrectly, sensitive data could quickly be obtained by malicious third parties.
With so many documents moving through the admin department every day, sensitive information found on meeting notes, tax forms and financial reports can become lost or stolen if an effective process is not in place. A prerequisite should therefore be establishing a clean desk policy in the office, whereby all employees are required to declutter their workspaces at the end of each day.
By implementing this rule, administrators will find it far easier to store and destroy sensitive documents. Any data that is still used and found in hard copy should be locked in storage cabinets overnight, with the most important files being stored off-site at a secure information management facility. Furthermore, documents that are no longer needed should be shredded immediately rather than thrown in waste bins, where they can be found and potentially used as blackmail or for fraudulent purposes.

Complacent managers

Complacency is perhaps the most common reason for a data breach, and higher-level managers who fail to promote data security best practices pose the greatest risk. Managers are responsible for setting the standard in cybersecurity, but if they become complacent in implementing security awareness programmes their employees may begin to also forget their training.
Poor password management, opening suspect emails and leaving computers unlocked are all practices that creep into a business’ culture if an example is not set at the top. Not only should managers regularly encourage their staff to change their passwords and lock their devices, but they should also arrange for external training to be made available for all staff.
For example, managers should invest in up-to-date e-learning training sessions for both online and offline security, as well as invite IT experts to teach employees about common hacking risks and how they should respond to a successful data breach.

Key Takeaways

The rising threat of cyber attacks is undeniable, and companies of all shapes and sizes should ensure preparations are made to deal with direct attacks. However, financial services organizations cannot afford to neglect the cost of mistakes made by staff and any budget set aside for cybersecurity should include resources for comprehensive training and secure document storage and disposal. Only then can the risk of human error be minimised.
Originally published here.


Read more on Business 2 Community 
