According to a new report from security company SecureAge Technology, most UK businesses and individuals experienced at least one data breach during the pandemic. The survey discovered that, over the last 18 months:
- 48% of businesses experienced a breach
- 16% of employees suffered a personal cybersecurity incident.
The consequences of a data breach
A data breach can have devastating consequences. For individuals, the possible effects include theft/fraud and emotional stress and worry. In fact, the aftermath of a data breach can be devastating for victims. The sheer scale of the information we share on and offline should make us all scared about what could happen should it get into the wrong hands.
For example, following the recent Guntrader data breach, animal rights activists created a CSV file linked to a Google Earth map that showed the exact locations of the data breach victims’ homes. The map was then posted on a blog which encouraged people to “contact as many [gun owners] as you can in your area and ask them if they are involved in shooting animals”.
Smaller, individual mistakes can also cause misery when bank statements, medical records and other personal data is shared with people it should not be – for example, ex-partners, neighbours, or employers
For organisations, the impact of a data breach can also be devastating. As well as the reputational damage, and the potential loss of future business and customers, organisations risk huge regulatory fines and compensation pay outs if they do not adequately uphold their data protection responsibilities.
Despite this, the SecureAge report found that cybersecurity training is still lacking with fewer than 50% of employers providing formal training on how to detect and handle suspicious emails. Employees also lack understanding on how to set up a strong password or protect sensitive information when working remotely.
At Keller Postman UK, we have seen the damage that can be caused by simple human error in the workplace. For example, the Ministry of Defence (MoD) experienced two shocking data breaches that have put Afghans and their families at risk.
The Afghan Relocations Assistance Policy (an MoD team) mistakenly exposed email addresses, names and some photographs by not using the bcc function when contacting people asking for an update on their situation. This potentially catastrophic data protection breach exposed those who worked against the Taliban and could put lives at risk.
Not using the bcc functionality when sending an email to multiple recipients is a common data privacy mistake and one that an organisation like the MoD should easily be able to prevent with the proper training and processes.
Data breaches and the pandemic
There is no doubt that the last few years have been transformative for data protection. Today, more of our data is being used and shared than ever before; especially as we all exploit technology in our business and personal lives. But this increased reliance on technology does not come without risk, and too many organisations are still failing to take data protection seriously.
As the world has struggled to overcome the challenges brought about by the coronavirus pandemic, data protection issues were thrust into the spotlight as the challenges of an at-home workforce and the need for remote technology and health-focused apps became apparent. From the very beginning of the pandemic, Kingsley Hayes, our head of data breach voiced concerns about how coronavirus would likely lead to an increase in data breaches. In particular, he has discussed:
- A likely increase in phishing emails and coronavirus scams as cybercriminals looked to take advantage of heightened anxiety and concerns during the coronavirus outbreak.
- The need for organisations to look at how personal data would be collected, processed and shared with technological innovation happening at speed (e.g. the development of track and trace apps).
- How organisations should manage risk with an upsurge in homeworking.
- The potential for increased human error in the workplace (including home workers) due to heightened stress.
It is disappointing therefore, that despite these warnings, many UK organisations have still not implemented the necessary security measures to keep their customers, employees and businesses safe.