Matt Green highlights the most common data breaches that companies neglect to prepare for
While GDPR (General Data Protection Regulation) is a hot topic across most industries, it can still be easy for things to fall through the cracks. As companies increase regulation on the bigger issues, it’s often the smaller data breaches, which can still have a huge impact, that Assistants and administration teams fall prey to.
In the day-to-day administration work, you’re often dealing with data on behalf of those you work with – for example, spreadsheets that include names and email addresses, a list of phone numbers or passwords. Even misplacing your laptop or mobile phone can lead to a data breach.
To help you identify the common data breaches and penalties, and how to avoid them, let’s look at the must-know details of GDPR.
What Is a Data Breach?
A data breach is an incident in which sensitive, protected, or confidential information is exposed to an unauthorised person. Data breaches can have a significant impact on businesses and individuals, including financial losses, reputational damage, and legal liability.
The Most Common Data Breaches in the Workplace
There are many different types of data breaches, but some of the most common include:
Access by an unauthorised third party
This is the most common type of data breach. It occurs when hackers or other unauthorised individuals gain access to sensitive data through malware, ransomware, or hacking.
Sending personal data to the wrong person
This can happen due to human error, especially during busy or stressful times. It can also happen if employees are not properly trained on how to handle sensitive data.
Deliberate or accidental action (or inaction) by a controller or processor
This type of data breach can occur when a company or organisation loses or destroys sensitive data, or when it fails to protect data from unauthorised access. It can also occur when employees misuse or abuse sensitive data.
Loss of availability of personal data
This type of data breach occurs when sensitive data is unavailable due to system failures, hardware malfunctions, or human error. It can also occur when data is encrypted and cannot be decrypted.
Lost or stolen devices containing personal data
This is a common way for criminals to get their hands on sensitive information. If a laptop, smartphone, or other device containing sensitive data is lost or stolen, the data on it can be easily accessed by unauthorised individuals.
Altering personal data without permission
This type of data breach can occur when hackers or employees change or delete sensitive data without authorisation. This can have a significant impact on individuals, as it can damage their credit, finances, or reputation.
How to Avoid Data Breaches
There are a number of things that you can do to help avoid data breaches. Some of these tips include:
Store data securely
Use strong encryption and access controls to protect your data from unauthorised access.
Create a remote working policy
Ensure that employees who work from home follow security procedures to protect sensitive data.
Keep client details up-to-date
Ask clients to update their contact details regularly so that you don’t accidentally send data to the wrong person.
Label documents appropriately
Make sure that documents containing sensitive data are clearly labelled so that they don’t get sent to the wrong person.
Take care when redacting data
When redacting documents, be sure to remove all personal information, including the names of other people.
Be careful when using blank templates
If you use blank templates, make sure that employees always create a new copy rather than overwriting an old one, which could contain sensitive information.
Review employee access
Only give employees access to the data that they need to do their jobs. Remove access for employees who leave the company.
Think about ex-employees
Include clauses in employment contracts that prevent ex-employees from approaching your clients or using your data for personal gain.
Back up your systems regularly
This will help to protect you in case of a data breach or other disaster.
Additional Tips for Avoiding Data Breaches
In addition to the tips above, there are a number of other things that businesses and individuals can do to help avoid data breaches. These include:
Use strong passwords and two-factor authentication
This will make it more difficult for hackers to gain access to your systems.
Keep your software up-to-date
Software updates often include security patches that can help to protect you from malware and other threats.
Be aware of phishing scams
Phishing emails are designed to trick you into giving away your personal information. Never click on links or open attachments in emails from unknown senders.
Educate your employees about data security
Make sure that your employees know how to protect sensitive data and report suspicious activity.
By following these tips, you can help to protect your business from data breaches.
The Costs of Data Breaches
In the first 20 months of GDPR, more than €114 million was issued in fines. Since then, several high-profile companies have made world news for data breaches.
Penalties can be high, no matter the size of your business, so it’s important to always be aware of how your actions could cause a breach. Under UK and EU GDPR, the maximum fine is £17.5m or €20m, respectively, or 4% of your annual global turnover, whichever is larger.
Administration errors (not leading to a data breach) carry lesser fines, while penalties for minor infringements include warnings and reprimands; a temporary or permanent ban on data processing; orders to restore, restrict, or erase data; or the suspension of data transfers.
Data breaches are a serious issue for businesses of all sizes. They can have a significant impact on finances, reputation, and legal liability. Assistants and administration teams play a vital role in protecting sensitive data, but they are also often the ones who accidentally cause a data breach.