Business resilience is all the rage and has clearly become more important for companies in all sectors. Business resilience is a term that combines crisis-management and business continuity – it represents the ability of organizations to rapidly adapt and respond to all types of risks, including cyber attacks and data breaches.
This blog will help you understand how staff training will future-proof your company by helping to prevent cyber attacks and data breaches.
Cyber Attacks and Data Breaches
When you think of a data breach, is it hackers and ransomware that you think of? If you do, you’re not alone. Most people think of a cyber security threat when they think of a data breach.
However, would you be surprised to find out that most data breaches are caused by human error? In fact, according to the ICO, in 2020 there were over twice as many non-cyber security incidents as there were cyber incidents – 1857 to 737.
| Category | Incident type | Number of incidents |
|---|---|---|
| Cyber security incidents | Brute Force | 19 |
| | Other cyber incident | 55 |
| | Cyber Security Incidents Total | 737 |
| Non-cyber security incidents | Alteration of personal data | 3 |
| | Data emailed to incorrect recipient | 402 |
| | Data of wrong data subject shown in client portal | 33 |
| | Data posted or faxed to incorrect recipient | 266 |
| | Failure to redact | 105 |
| | Failure to use bcc | 80 |
| | Incorrect disposal of hardware | 4 |
| | Incorrect disposal of paperwork | 9 |
| | Loss/theft of device containing personal data | 46 |
| | Loss/theft of paperwork or data left in insecure location | 141 |
| | Other non-cyber incident | 613 |
| | Verbal disclosure of personal data | 64 |
| | Non-Cyber Security Incidents Total | 1857 |
The fact is, data breaches are mostly caused by people, your staff, making mistakes. As you can see from the chart, the most common data breaches were:
1. ‘data emailed to incorrect recipient’
2. ‘data posted or faxed to incorrect recipient’
3. ‘phishing’, which also involves human error.
So now that you know that human error is the major cause of data breaches, the next thing to ask is ‘what can I do to reduce the risk of human error?’ The answer to that is simple… it’s ‘staff training’.
Staff training builds business resilience
Your employees are a critical factor in your organisation’s resilience. They are the front line — they are the ones that can cause data breaches or prevent them.
Staff training helps reduce the number of data breaches, which in turn can help prevent loss of trust and reputation, protect your customers’ privacy, and improve your brand’s value.
Staff training should include:
Managing online risk
Staff need to recognise online phishing activity and know how to avoid a hacker’s attempts to uncover sensitive information.
Protecting personal data
Staff should know what constitutes personal data and understand their responsibility for that data. They should understand the data protection principles and how these work in practice. Staff should also know what a data breach looks like and how to avoid having one.
Safe device usage
Staff should have strategies and techniques for the safe use of personal mobiles and tablets. They should know about password safety and remote working best practices.
Starters and movers
Make sure that all new starters receive data protection training within the first month of starting. Have refresher training at least once a year. And don’t forget the movers – provide training that is appropriate to a staff member’s new position.
A data breach exposes the vulnerabilities of an unprepared business.
Don’t let this ‘unprepared business’ be you. Work on your business’s resilience. Have your staff trained in data protection. Protect your reputation and your brand.