Data Privacy and Security

How to Protect Against the 'Human Factor'

Today there are many threats to a company’s data security, as demonstrated by the data breach news from the Student Loans Company and the resulting negative comments from the Information Commissioner’s Office (ICO). These threats can not only cause financial damage, but can also seriously dent the reputation of the business in question. We usually associate such data breaches with external factors, such as third parties maliciously obtaining information via a data hack or theft. However, research by the Ponemon Institute has shown that human error is often to blame for the majority of data breaches that occur.

While there is the odd occasion where an employee has deliberately compromised company data (take the incident of a Morrisons employee who was charged with stealing payroll data), the majority of breaches are the result of an honest mistake. A lot of this stems from a lax attitude to security. We recently conducted research which highlighted that an overwhelming 23% of employees don’t believe that the security of their company’s data is their responsibility. Even more worrying is that only 63% said that there is a formal procedure in place when a device is lost, with a further 30% claiming there are no personal penalties for losing a work device.

Such an attitude makes it extremely difficult for IT decision makers; while you can apply the latest technology available to control data, ultimately the weakest link may be the psychology and personal preferences of individual members of staff.

With this ‘human factor’ being the weakest link, training and education need to become a priority. This starts with a comprehensive data security policy, and strong leadership from the top. Staff need to be the first line of defence when it comes to IT security, and this will only be achieved if each and every person fully understands the consequences of poor data protection. In addition to this, IT decision makers will have to make sure that they implement a robust device and data management solution. If a device is lost, stolen or otherwise abused, the IT team has to be in a position where it can manage the problem.

Every employee is an individual and can present their own unique risk to the company. With potential threat sources being unpredictable, companies need to adopt a holistic approach to data security. Provisions must extend beyond a firewall and cover more than just hacking attacks. Security policies have to take into consideration each device brought into the office, as well as each end-user. Numerous solutions are available for companies seeking to keep their critical information safe, but these must work in tandem with the education of staff to create a robust, watertight data protection policy.


Stephen Midgley is VP Global Marketing at Absolute Software

