Hey, I’m Blair Wallace from OSP Cyber Academy, where we specialise in data protection and cybersecurity. When asked to guest blog for our partner Escone Solutions, I thought the best way to do this was to ask you a few questions that I’m sure you will relate to:
Have you ever clicked on a web link from an unknown third party?
Have you ever provided a client with company or client information without confirming their identity?
What about accidentally sending an email to the wrong person and then quickly asking them to delete it?
Well, these are just a few examples of human error – staff trying to do the right thing but bypassing essential data protection procedures and company policies. Now don’t get me wrong, we all make mistakes, but if you or your employees are not aware of data protection implications and what needs to be considered, then these mistakes can leave your organisation vulnerable to data breaches.
Data breaches can have a devastating impact on your organisation, from data and financial loss to reputational damage and disruption to trading. In fact, they have become increasingly common over the years, with 2020 seeing spikes in breaches due to the COVID-19 pandemic.
In 2020, the average time to identify a data breach was 228 days, with 71% of these breaches being financially motivated.
Even if you recover from the data breach itself, you might suffer at the hands of the ICO and their hefty fines – scary, right?
But don’t be scared, get practical.
Here are my top three tips on preventing these mistakes from happening.
Check, then check again!
Yes, do a double check, as it is ‘better to be safe than sorry.’ A cliché perhaps, but it is better to be overcautious about a ‘phishing’ email than to put yourself and the company at risk. I understand you are busy, but one double check could be the difference between being protected and being exposed to an attack. There are simple things to look out for: spelling mistakes, hovering over the sender’s email to see the true address, and finally, considering whether you were actually expecting an email from that sender in the first place.
Stay up to date on trends!
As technology rapidly advances, cybercriminals are rapidly advancing too. So, it is important for you to stay in the loop on the types of data breaches that are becoming increasingly prevalent and to ensure you are up to date and knowledgeable. This is to minimise the risk of non-essential data falling into the wrong hands or being kept past its use date. If colleagues know at all times what is and isn’t the correct process for dealing with such information, then your organisation will only be better off.
Now, we know what you are thinking: “It’s the individual’s responsibility to keep track of what is going on with data to stay safe.” But having a culture and internal processes that encourage teamwork and buy-in from all will only benefit an organisation in the long run.
Invest in training!
There is no easy solution to mitigate data breaches, but the best way to reduce the risk is education.
Investing in General Data Protection Regulation (GDPR) awareness training will undoubtedly protect your business. It can help you to:
- Document compliance activity so you know you are managing data correctly.
- Increase general awareness of the importance of cybersecurity across your workforce.
- Reduce human error.
- Educate your team on Data Subject Access Rights.
GDPR and Data Protection awareness training by OSP Cyber Academy is NCSC Certified and will greatly reduce the chance of you and your employees causing data breaches.
Our course will teach you about controllers’ obligations, data breach mitigation and data principles. You will also discover the impact of Brexit on Data Protection.
All of this and more is discussed in our newly refreshed training course, full of interactive content, real-life examples and intuitive quizzes – you will not find any ‘snooze fest’ or ‘death by PowerPoint’ training from us!