How to build company resilience through data protection training

Business resilience is all the rage and has clearly become more important for companies in all sectors. Business resilience is a term that combines crisis-management and business continuity – it represents the ability of organizations to rapidly adapt and respond to all types of risks, including cyber attacks and data breaches.

This blog will help you understand how staff training will future-proof your company by helping to prevent cyber attacks and data breaches.

Cyber Attacks and Data Breaches

When you think of a data breach, is it hackers and ransomware that you think of? If you do, you’re not alone. Most people think of a cyber security threat when they think of a data breach.

However, would you be surprised to find out that most data breaches are caused by human error? In fact, according to the ICO, in 2020 there were over twice as many non-cyber security incidents as there were cyber incidents: 1857 to 737.

Cyber security incidents

INCIDENT TYPE                                                  NUMBERS
Brute Force                                                         19
Hardware/software misconfiguration                                  22
Malware                                                             41
Other cyber incident                                                55
Phishing                                                           258
Ransomware                                                         152
Unauthorised access                                                190
Cyber Security Incidents Total                                     737

Non-cyber security incidents

INCIDENT TYPE                                                  NUMBERS
Alteration of personal data                                          3
Data emailed to incorrect recipient                                402
Data of wrong data subject shown in client portal                   33
Data posted or faxed to incorrect recipient                        266
Failure to redact                                                  105
Failure to use bcc                                                  80
Incorrect disposal of hardware                                       4
Incorrect disposal of paperwork                                      9
Loss/theft of device containing personal data                       46
Loss/theft of paperwork or data left in insecure location          141
Not Provided                                                        91
Other non-cyber incident                                           613
Verbal disclosure of personal data                                  64
Non-Cyber Security Incidents Total                                1857

(Source: https://ico.org.uk/action-weve-taken/data-security-incident-trends/)

The fact is, data breaches are mostly caused by people, your staff, making mistakes. As you can see from the chart, the most common data breaches were:

1. ‘data emailed to incorrect recipient’

2. ‘data posted or faxed to incorrect recipient’

3. ‘phishing’, which also involves human error.

So now that you know that human error is the major cause of data breaches, the next thing to ask is ‘what can I do to reduce the risk of human error?’  The answer to that is simple… it’s ‘staff training’.

Staff training builds business resilience

Your employees are a critical factor in your organisation’s resilience. They are the front line — they are the ones that can cause data breaches or prevent them.  

Staff training helps reduce the number of data breaches, which in turn can help prevent loss of trust and reputation, protect your customers’ privacy, and improve your brand’s value.

Staff training should include:

Managing online risk
Staff need to recognise online phishing activity and know how to avoid a hacker’s attempts to uncover sensitive information.

Protecting personal data
Staff should know what constitutes personal data and understand their responsibility for that data. They should understand the data protection principles and how these work in practice. Staff should also know what a data breach looks like and how to avoid having one.

Safe device usage
Staff should have strategies and techniques for the safe use of personal mobiles and tablets. They should know about password safety and remote working best practices.

Starters and movers
Make sure that all new starters receive data protection training within the first month of starting.  Have refresher training at least once a year. And don’t forget the movers – provide training that is appropriate to a staff member’s new position.

A data breach exposes the vulnerabilities of an unprepared business.

Don’t let this ‘unprepared business’ be you. Work on your business’s resilience. Have your staff trained in data protection. Protect your reputation and your brand.

We’re here to help, every step of the way.

Don’t wait. Book a free consultation today!
