It’s generally assumed that if you have a data breach it’s because of some gremliny attacker, trying to hack your system from his bedroom whilst wearing a hoodie (not to overegg the stereotype or anything). In fact, new research suggests that the person responsible for your data breach is probably more likely to be wearing a suit and sat across from you right now.
Security firm Egress Software Technologies recently made a Freedom of Information request to the Information Commissioner’s Office (ICO), and found that UK data breach investigations within the financial services industry have trebled in the last two years, and that human error is often at the heart of them.
The research, which found a 183 per cent rise in reported Data Protection Act incidents, looked at 585 events which had been reported to the ICO during 2014 alone.
Staggeringly, all big UK banks and lenders seem to have reported breaches, although it wasn’t documented how serious or costly they were. What’s potentially more frightening, though, is that a whopping 93% of these breaches were because of human error, up from an estimated 64% in 2012.
To add to the fun, if the breaches themselves don’t cost ya, the negligence fines could. The ICO ended up fining service orgs £455,000 in total, and that’s set to rise, as it’s expected that new legislation could increase the penalty for a breach to two per cent of a company’s annual turnover.
“The financial services industry has a responsibility to us all to ensure that the information they manage on our behalf, including bank accounts, mortgages and insurance policies, is protected in a highly secure way,” said Egress chief exec Tony Pepper.
Avoiding error is probably going to be impossible, but negligence or an inability to keep up with changing tech is another matter. Having a strong security strategy in place and ensuring that all employees are trained on it is vital – even little things, like employees emailing confidential documents to their personal email address and out of your system, could be a weakness that employees wouldn’t even think twice about. Restrict non-essential system access if necessary, and ensure that you have a comprehensive disaster recovery plan in place to minimise inevitable damage too.
So, get your strategy in place and ensure that your team is prepped – and that you don’t end up accidentally causing a whole heap of trouble yourself; because, as that well-known saying goes, “To err is human, but to protect yourself from potential human error security breaches is really smart”.